Stricter encapsulation of sync events

[AliceZhang]

Version 0.8

In our use scenario,we want to insatiate one session per web application by calling
coweb.initSession();

And then within this single session, we may create 1 to 10's number of collaboration instances by calling
var collab1 = coweb.initCollab("someKey") //key is on per artifact basis
collab1.subscribeSync(id, this, "remotehandler")

Base on my observation, although open coweb client framework do not deliver syncevent for collab x to application that are not subscribe to collab1, the syncevent is delivered to all the web client that are in the same session.
This would cause the following issues

1. Security issue,
2. Unnecessary network traffic

If a web client is not part of a collaboration instance, then server should not deliver the event to that client

[AliceZhang]

Mentioned the above issue to Brian in a meeting

[Brian-Burns-Bose]

In order to solve this problem, 2 modifications need to occur.

Each collaboration instance will need it's own bayeux channel for sync events. Currently there are 2 sync event channels with the following format.

/session/sessionid/sync/app
/session/sessionid/sync/engine

All collaboration instances in the session share the same sync channel. This is why all clients in the session receive all of the collaboration sync events. If each collaboration instance has it's own unique sync channel then the server will only send the sync events to those clients who are subscribed to that channel. The sync event channel should change to the following.

/session/sessionid/collabid/sync/app
/session/sessionid/collabid/sync/engine

Currently there is only one instance of the operation engine per session. All sync events are transformed even if there are no collaboration instances listening for them. If we create unique channel names for each collaboration instance, we will need to assign an operation engine to each collaboration instance.

[AliceZhang]

Hi Brian,
The modifications would solve the problem in this issue

[Brian-Burns-Bose]

There are some issues that are coming up with this solution, particularly on the server.

1. Since each collaboration instance has it's own operation engine, the client's siteid is no longer a valid siteid for that operation engine instance. Lets say 3 people are in a session with siteid's 1 - 3. Clients 1 and 2 have 2 collaboration instances, and client 3 only has 4 collaboration instances. Client 3's 4'th op engine will have a siteid of 3. It should have a siteid of 1 because Client 1 and 2 do not have that particular collab instance. This means the server would have to be designed to not only maintain client siteids but also siteids for each client's collaboration instances.
2. Since one of the main purposes of implementing the unique sync channels is to protect sync events from going to non authorized clients, we would have to make sure late join data from the collab instances only goes to clients that have those collab instances. This would require the server to filter late join data and figure out what client's are authorized to receive what data.
3. We have to protect late join data so what happens when a collaboration instance is created after the session join process have been completed? Now the server would need to implement an on demand late join process.

In order to implement this issue we end up writing a brand new server. This would be a huge risk for a small benefit.