[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wsrp-wsia] [change request #140] Add PortletDescription.onlySecure?
Such a simple flag would help a consumer pick https bindings to talk to the producer, ensuring that at least some secure Portlets are likely to be secure. -----Original Message----- From: Rich Thompson [mailto:richt2@us.ibm.com] Sent: 12 February 2003 16:55 To: wsrp-wsia@lists.oasis-open.org Subject: [wsrp-wsia] [change request #140] Add PortletDescription.onlySecure? Document: Spec Section: 5.1.11 Page/Line: 20/14 Requested by: Mike Freedman Old text: New text: [O] boolean onlySecure Reasoning: At the last F2F we removed setting of security requirements from none, some, all in deference for only supporting some. There is value to the consumer in knowing that a portlet runs entirely in secure mode -- e.g. a portal may signify this portlet in a special way in the portlet respository/toolbox and only allow it to be added to "secure" pages. Shouldn't we allow a portlet to signify this? Note: doing so puts us in tighter alignment with JSR 168 which allows this information to be declared/specified. [RT] My understanding of the F2F discussions was that one only needed to know the security for the "default" markup (e.g. for the initial page). After that, the page must be secure if any of the portlets has a current indication that secure communication is required and is allowed to be unsecure only if there are no portlets with such current indicators. ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC