RE: Ballot Attached - Group 3: Sessions

[Darren Platt <dplatt@securant.com>]

> I'm baffled.

There was, and still is, some confusion over this issue.  Let's discuss it
on the call tommorow.

Darren




> -----Original Message-----
> From: Orchard, David [mailto:dorchard@jamcracker.com]
> Sent: Tuesday, February 27, 2001 12:52 PM
> To: Evan Prodromou; UseCaseList
> Subject: RE: Ballot Attached - Group 3: Sessions
>
>
> I'm baffled.  I have always wanted explicit scenarios showing differences
> between logout and timeout.  I originally wanted to make the scenarios
> explicit to show logout/timeout separately (and votable separately), hence
> my first submission.  These are the only user or system actions
> that result
> in changes of state.  These seemed to be the only things that are
> applicable
> for session to me.  It was my thinking that if you approve either
> timeout or
> logout, you have approved a form of session.  I was instructed to keep the
> numbering and use cases roughly as is - specifically UC-3-1 session.  I
> didn't agree at the time, but did it anyways, the 2nd /final submission.
>
> It now looks like a good thing because some people appear to want session
> mgmt, but not logout and/or timeout.  This gives us a mechanism to approve
> the topic, and then dive into the details of what these mean.  If we had
> done what I suggested, then we might not have approved session management,
> even if sufficient people wanted some form of it.  Now that we
> have approved
> the concept of session management, we can start trying to figure out what
> the detailed requirements and design..
>
> Cheers,
> Dave
>
> > -----Original Message-----
> > From: Evan Prodromou [mailto:evan@outlook.net]
> > Sent: Tuesday, February 27, 2001 12:14 AM
> > To: UseCaseList
> > Subject: Re: Ballot Attached - Group 3: Sessions
> >
> >
> > >>>>> "EP" == Evan Prodromou <evan@outlook.net> writes:
> >
> >     JH> rationale: I believe this is subsummed within the topic of
> >     JH> [UC-3-1:UserSession] and we should deal with it explicitly in
> >     JH> that context.
> >
> >     EP> So, I'm kind of confused by this rationale.
> >
> > Actually, on review, I've noticed that it was actually David's idea to
> > remove these requirements. I still don't understand why, but I see I
> > was directing my questions at the wrong person.
> >
> > David: why? B-) I find this even more puzzling, because those were
> > req'ts pulled out of ITML and posted to this list. Was there a reason
> > you didn't want the explicit logout, timeout, etc. requirements?
> >
> > ~ESP
> >
> > ------------------------------------------------------------------
> > To unsubscribe from this elist send a message with the single word
> > "unsubscribe" in the body to:
> > security-use-request@lists.oasis-open.org
> >
>
> ------------------------------------------------------------------
> To unsubscribe from this elist send a message with the single word
> "unsubscribe" in the body to: security-use-request@lists.oasis-open.org
>