Pandemonium Medicine Show

I am still working on the two Membership Serivce chapters I mentioned about two weeks ago for an updated edition of the JXTA Programmers Guide. I received some excellent feedback on the first chapter from Ted Kosan of the JXTA Guide project. I've since updated the first Membership chapter and I have been working on the second chapter which focuses on the PSE Membership Service.

I've found documentating the PSE Membership Service harder than I expected. Part of the problem has been the realization that the PSE Membership Service's placement within the JXTA implemention rather than the public API is really a problem. Secondly, the interfaces and functionality aren't quite as clean or complete as I remember them. Strangely, the backend interfaces, the SPI interfaces, for KeyStore management are cleaner and have better javadoc than the API interface. Sigh. In any event I have been plowing through and have now written about 4 pages of reasonably useful material. I've been trying to make sure that the chapter is more than a narrative version of the javdoc. Creating good sample code has also been a challenge. I've leaned towards code which is immediately reusable, ie. cut and paste, rather than large standalone examples.

A long time ago I had the strange idea that one sufficiently complete example could answer all possible questions. The result was the psesample , a complete example of using the PSE Membership Service along with CA operations and certificate management. It's more than most people want or need though. I guess I had expected that "this is where PSE Membership logically leads, why not just jump to the end." It's still a useful sample application, but for the chapter in progress I have instead been focusing on more straightahead usage of the PSE Membership Service. Perhaps at some point a third chapter could be written just to cover psesample.

It seems that there has been a lot of interest in securing JXTA lately. As a result of these discussions somehow an Access Service based upon PSE was proposed. I spent about an hour thinking, reviewing and reading about what would be required in order to implement a PSE Access Service on Friday afternoon (yes while avoiding working on the PSE chapter). It turns out that it would be alot easier than I expected. The basic idea is to create an Access Service whose "operations" are TrustAnchors and which would make use of the PSE Membership Service and PSECredential. PSECredentials would be evaluated against TrustAnchor operations and if the certificate chain contained the TrustAnchor then the operation would be permitted. As it turns out JCE is willing to do almost all of the work via CertPathValidator. There is more research which needs to be done and I need to continually resist the temptation to dive into coding it.... back to the PSE chapter.

I don't want to make it sound like I hate documentation or writing, far from it. It is more a case that it is entirely too easy to be drawn into doing nothing but coding. I certainly do enough of that already. Writing documentation is an enjoyable diversion. Like ice cream, good documentation should be prepared in small batches.