[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wsrp-wsia] Create Issue: profileKey scope
I was part of the profile discussions in the security sub-group, and from what I remember we wanted to only send the needed profile elements once per session, as a possible optimization, but definitely not once for ever. Yossi. -----Original Message----- From: Rich Thompson [mailto:richt2@us.ibm.com] Sent: Tuesday, October 01, 2002 6:55 PM To: wsrp-wsia@lists.oasis-open.org Subject: Re: [wsrp-wsia] Create Issue: profileKey scope When I wrote this description, I also placed its duration at the session level. When I checked my notes from the F2F though, the discussion had explicitly said to scope it as invariant for the registration. Unfortunately I did not note the reason why and don't remember at this point. The only one that springs to mind is transferring the profile early in the interactions and later only transferring this key. I wasn't willing to enter that into the description yet as it explicitly describes the Producer as persisting the profile (bunch of privacy issues). Carsten Leue/Germany/IBM@ To: "Tamari, Yossi" <yossi.tamari@sap.com> IBMDE cc: gil@webcollage.com, wsrp-wsia@lists.oasis-open.org Subject: Re: [wsrp-wsia] Create Issue: profileKey scope 10/01/2002 11:45 AM Yossi - I think the intention of the profileKey was to allow the producer to use this key as a hash value to associate user specific data with the user. It does not need to be persisted by the producer. Best regards Carsten Leue ------- Dr. Carsten Leue Dept.8288, IBM Laboratory Böblingen , Germany Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 |---------+----------------------------> | | "Tamari, Yossi" | | | <yossi.tamari@sap| | | .com> | | | | | | 10/01/2002 03:16 | | | PM | |---------+----------------------------> > -------------------------------------------------------------------------------------------------------------------------------| | | | To: gil@webcollage.com | | cc: wsrp-wsia@lists.oasis-open.org | | Subject: [wsrp-wsia] Create Issue: profileKey scope | | | | | > -------------------------------------------------------------------------------------------------------------------------------| Topic: user info Class: Technical Title: Should profileKey be persistent? Document Section: 4.1.2 Description: In section 4.1.2 (page 21 in 0.7), it says: "profileKey: A string that MAY be used as a reference to the UserProfile and that MUST remain invariant for the duration of a Consumer's registration" This insinuates that the profile can be persisted at the producer, and this is the key to that data. On the other hand there is no way to destroy this persistence in the spec. I don't think there was any intention to require the consumer to send a persistent user ID to the producer. I can see why it is important in the context of a session, but especially since a different entity is cloned for each user, this seems unreasonable, and an invitation for abuse by producer developers. ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl> ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl> ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC