The NHSE anticipates that most HPCC repositories will provide access to software and documents by running an http server, as well as perhaps an ftp server. Users will most likely access these servers from a WWW browser, such as Netscape or NCSA Mosaic. Given the URL for a file the user wishes to retrieve, the browser will send the necessary request to the server and either display the retrieved file in a window or save it to the user's disk.
There is not currently a good way for Web browsers to retrieve multiple files in one request - for example, all files making up a software package - unless the files have been pre-packaged into a single tar or shar file. It would be convenient for a user to use a shopping basket approach to specify an arbitrary collection of files and then download them in the background. NHSE developers have been participating in discussions within the WWW community on incorporating such bulk file transfer into WWW protocols such as HTTP.
An alternative to making software available for download is to provide a remote execution service, with which users can submit their input data to a remote server that runs the program and returns the results. Examples of this approach include the NEOS optimization server and the Web interface to //ELLPACK . If there is sufficient demand for them, tools for setting up and running such remote execution services may be included in future versions of RIB.
Some software packages will have access restrictions which require authentication of authorized users before the software can be downloaded. Access control mechanisms available with http client-server combinations include passwords, prohibition by domain name, prohibition by IP address, configurable user groups, rules based on URLs, and the SSL and S-HTTP protocols. An alternative to restricting access to the actual software files is to encrypt these files and allow anyone to download them, but require authorization and authentication to obtain the decryption key. This approach is used in the Crytolope technology of IBM Infomarket . A chart showing which http servers support which access control mechanisms may be found at http://www.webcompare.com/server-main.html. Good sources of information about access control include the WWW Security FAQ and the NCSA httpd documentation .
The NHSE is currently developing prototype access control and user authentication mechanisms based on public key certificates and SSL. After thorough testing, these mechanisms will be included in a future version of Repository in a Box, probably by fall of 1997.