I'm Brett Slatkin and this is where I write about programming and related topics. You can contact me here or view my projects.

17 August 2013

The threat model of the Internet has changed

I've been digging into the seminal REST paper, written 13+ years ago, to find antiquated ideas: Anarchic Scalability

Anarchic scalability refers to the need for architectural elements to continue operating when they are subjected to an unanticipated load, or when given malformed or maliciously constructed data, since they may be communicating with elements outside their organizational control. The architecture must be amenable to mechanisms that enhance visibility and scalability.
Servers cannot be expected to retain knowledge of state across requests.
Intermediary applications, such as firewalls, should be able to inspect the application interactions and prevent those outside the security policy of the organization from being acted upon. The participants in an application interaction should either assume that any information received is untrusted, or require some additional authentication before trust can be given.
However, since authentication degrades scalability, the architecture's default operation should be limited to actions that do not need trusted data: a safe set of operations with well-defined semantics.

Now in 2013 Internet traffic goes over HTTPS by default for most major services. We have figured out how to scale it. Firewalls and caching proxies are vanishing quickly. Acceleration services like Silk don't touch HTTPS. The last piece to dismantle is transparent proxies used by mobile browsers.

After the Arab Spring and the reality of PRISM, enabling deep packet inspection and intermediate filtering is wrong. REST layering still applies for browser caches and trusted intermediaries (frontline reverse proxies like Nginx) but that's about it.

Big parts of the REST architecture are no longer relevant. The threat model has changed.
© 2009-2024 Brett Slatkin