Subject: C426 JGSI Review
Resent-Date: Mon, 11 Oct 1999 08:24:50 -0400
Resent-From: Geoffrey Fox
Resent-To: p_gcf@npac.syr.edu
Date: Thu, 7 Oct 1999 11:50:26 -0500
From: Joel Jones
To: Geoffrey Fox

>a)Overall Recommendation

Good work. I recommend it for publication.

>b)Words suitable for authors

The abstract should emphasize the advantages of this work over competing systems, particularly in the area of security.

The first paragraph of section 1 should include a definition of HPCC?

The first full paragraph of page 2 should include references for AVS and Khoros.

The second paragraph of section 2 should include a reference for JavaBeans.

The third paragraph of section 2 should address what other resources, such as data files, need to be managed.

In figure 1, I suggest the following changes:
o label which components comprise which tiers
o show what kinds of messages and data blow boxes and in what direction
o show AKENTI, gateway servers, web servers in the figure

I would move the discussion of the gateway security model after discussion of the middle tier, or move it as far forward as possible.

The next to last paragraph of the section "Secure CORBA: middle tier security" should contain a reference for the OMG specification.

In the last paragraph of the aforementioned section, in the sentence beginning "CORBA is very flexible", change "and support no delegation" to "and supports a no delegation model". In the same sentence, change "composite delegation (the" to "composite delegation model (the".

In the aforementioned paragraph, perhaps an argument should be made as to why security unaware applications should use the intersection of privileges.

Could figure one and figure 2 be combined in a meaningful way? Perhaps splitting them in two between interfaces and implementations?

In paragraph two of section 6, play up the security advantages of your work.

In the second sentence of the last paragraph of section 7, change "This work is collaboration" to "This work is in collaboration".

Overall comments:
o should jini be mentioned?
o I think some sort of motivating example would be good. This answers questions like:
  - Who are the users?
  - What are the problems with existing systems?
  - Why is this system better than others?
o A figure or bullet listing summarizing the services provided by the various components would be helpful.

>c)Words for me if necessary

Joel Jones
jjones@uiuc.edu