[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wsrp-wsia] Create Issue: profileKey scope
I was part of the profile discussions in the security sub-group, and from what I remember we wanted to only send the needed profile elements once per session, as a possible optimization, but definitely not once for ever.
Yossi.
-----Original Message-----
From: Rich Thompson [mailto:richt2@us.ibm.com]
Sent: Tuesday, October 01, 2002 6:55 PM
To: wsrp-wsia@lists.oasis-open.org
Subject: Re: [wsrp-wsia] Create Issue: profileKey scope
When I wrote this description, I also placed its duration at the session
level. When I checked my notes from the F2F though, the discussion had
explicitly said to scope it as invariant for the registration.
Unfortunately I did not note the reason why and don't remember at this
point. The only one that springs to mind is transferring the profile early
in the interactions and later only transferring this key. I wasn't willing
to enter that into the description yet as it explicitly describes the
Producer as persisting the profile (bunch of privacy issues).
Carsten
Leue/Germany/IBM@ To: "Tamari, Yossi" <yossi.tamari@sap.com>
IBMDE cc: gil@webcollage.com, wsrp-wsia@lists.oasis-open.org
Subject: Re: [wsrp-wsia] Create Issue: profileKey scope
10/01/2002 11:45
AM
Yossi -
I think the intention of the profileKey was to allow the producer to use
this key as a hash value to associate user specific data with the user. It
does not need to be persisted by the producer.
Best regards
Carsten Leue
-------
Dr. Carsten Leue
Dept.8288, IBM Laboratory Böblingen , Germany
Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401
|---------+---------------------------->
| | "Tamari, Yossi" |
| | <yossi.tamari@sap|
| | .com> |
| | |
| | 10/01/2002 03:16 |
| | PM |
|---------+---------------------------->
>
-------------------------------------------------------------------------------------------------------------------------------|
|
|
| To: gil@webcollage.com
|
| cc: wsrp-wsia@lists.oasis-open.org
|
| Subject: [wsrp-wsia] Create Issue: profileKey scope
|
|
|
|
|
>
-------------------------------------------------------------------------------------------------------------------------------|
Topic: user info
Class: Technical
Title: Should profileKey be persistent?
Document Section: 4.1.2
Description:
In section 4.1.2 (page 21 in 0.7), it says:
"profileKey: A string that MAY be used as a reference to the UserProfile
and that MUST remain invariant for the duration of a Consumer's
registration"
This insinuates that the profile can be persisted at the producer, and this
is the key to that data. On the other hand there is no way to destroy this
persistence in the spec.
I don't think there was any intention to require the consumer to send a
persistent user ID to the producer. I can see why it is important in the
context of a session, but especially since a different entity is cloned for
each user, this seems unreasonable, and an invitation for abuse by producer
developers.
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC