Re: [wsrp-wsia] [I#104] WSRP recommends that portals not douser-mapping

[Rich Thompson <richt2@us.ibm.com>]

The language was changed in v0.8 to be:

  "It  is  anticipated  that  some  entities will interact with one or more
  back-end  applications  that require a user identity for the End-User. If
  the user identity required by the back-end application is not the same as
  that  authenticated  or  otherwise  supplied  by the Consumer, the entity
  SHOULD   require  the  End-User  to  provide  the  necessary  information
  (preferably using secure transport) for use with the back-end application
  via  markup  interactions  (e.g.  display  a form that prompts for a user
  identity  and  any  security tokens (such as a password) for the back-end
  system)."


  This anticipates that there may be multiple ways a Consumer supplies user
  information  to  an  entity, but that the entity ultimate fall-back is to
  generate  a  UI  requesting  the information from the End-User. Does this
  language cover the use cases? Suggestions to clarify it if it doesn't?



                                                                                                                   
                      Gil Tayar                                                                                    
                      <Gil.Tayar@webcol        To:       wsrp-wsia@lists.oasis-open.org                            
                      lage.com>                cc:                                                                 
                                               Subject:  [wsrp-wsia] [I#104] WSRP recommends that portals not do   
                      10/07/2002 01:12          user-mapping                                                       
                      AM                                                                                           
                                                                                                                   
                                                                                                                   



Topic:  user info
Class:  Editorial
Title:  WSRP recommends that portals not do user-mapping
Document Section: 10.2
Description:
The spec says "If user identity known by the back-end application is not
the
same as that authenticated by the Consumer, the entity SHOULD require the
End-User to provide the necessary information...".
This seems to make vendor extensions to WSRP that allow the consumer to
handle user-mapping and transfer the needed credentials to the producer
unrecommended. There is no reason for this, and some portals, including
SAP's, currently have this feature. The SHOULD should be replaced with CAN,
perhaps also mentioning the possibility of vendor extension.

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>