[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wsrp-wsia] [I#175] Roles should be per-Entity and not per-Producer
I'm concerned that if we keep roles we are establishing a precedent for specs defining things that belong elsewhere (security in this case). It is not realistic to think that WSRP is all that will be involved in the communications between the two parties or that it should define what all of the other things are. We should be focussed on the protocol relative to content generators being accessible as web services. Anything outside that domain is treading on thin ice. Rich Thompson Rex Brooks <rexb@starbourne. To: Carsten Leue <CLEUE@de.ibm.com>, wsrp-wsia@lists.oasis-open.org com> cc: Subject: Re: [wsrp-wsia] [I#175] Roles should be per-Entity and not 12/10/2002 12:41 per-Producer PM I'm concerned that if we dropped roles altogether, no matter how dicey or messy it is to keep them, we would see dozens of different extensions added into the mix by producers and consumers, but if we can make a clear but very simple way to include them, we stand a better chance of having fewer wildly different kinds of role verification put in use willy nilly. I agree it should be per entity (or portlet if we settle on that as the name of the great thingie). Ciao, Rex At 5:03 PM +0100 12/10/02, Carsten Leue wrote: >Just to reopen the role discussion: instead of thinking of refining the >role support we should think of dropping it altogether. I summarized the >reasons for this already in another email. >One example reoccurs in Eilon's example - the producer that spans multiple >web-apps in J2EE. For me this seems to apply that the producer would use >the app's J2EE roles as WSRP roles. In this case I would also assume that >after a WSRP call containing such role information a call like isUserInRole >would work on the producer. However as no credentials are sent around this >is impossible to implement. > >>From my point of view it would be best to rely on WS-Security. > >Best regards >Carsten Leue > >------- >Dr. Carsten Leue >Dept.8288, IBM Laboratory Böblingen , Germany >Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 > > > > > Gil Tayar > <Gil.Tayar@webcol > lage.com> To > wsrp-wsia@lists.oasis-open.org > 12/10/2002 09:18 cc > AM > Subject > [wsrp-wsia] [I#175] Roles should be > per-Entity and not per-Producer > > > > > > > > > > >Issue: 175 >Status: Active >Topic: interface >Class: Technical >Raised by: Eilon Reshef >Title: Roles should be per-Entity and not per-Producer >Date Added: 10-Dec-2002 >Document Section: v0.85/4.1.7 >Description: >RoleDescription[] - should it be per each Entity and not per Producer? The >current model only supports roles per Producer which works when the >Producer is a centralized portal environment, but makes it much harder to >manage and deploy changes in less controlled environment. For example, this >means that if a development environment allows portlet developers to define >custom roles per portlet (e.g., if one Producer may span multiple web-apps >in J2EE), then the Producer must continuously accumulate all roles from all >its portlets to present a coherent role list. And, the Consumer needs to >sample that list more often to ensure that there are no changes. Another >example is how would an application-level-WSRP-proxy support multiple >services with different roles? > > > >---------------------------------------------------------------- >To subscribe or unsubscribe from this elist use the subscription >manager: <http://lists.oasis-open.org/ob/adm.pl> -- Rex Brooks Starbourne Communications Design 1361-A Addison, Berkeley, CA 94702 *510-849-2309 http://www.starbourne.com * rexb@starbourne.com ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC