OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [wsrp][security] End user identity

Thanks Rich,

You are right about my mix-up. I will circulate a fixed version after
Wednesday's call, integrating people's remarks, and it will be fixed there.

I don't know if the term "authenticated" is the right one for #3, it is kind
of used here for historical reasons... If you come up with a better name for
this I will change it.
I don't think there is any relation between how the user was identified by
the portal and the information the portal sends to the portlet. The
passwords that are passed to the portlet are not necessarily those passed to
the portal, they can be based on some mechanism of letting the user\admin
define that for portlet X, that is based on some back-end app, pass a
specific set of credentials that is needed for that back-end app.

	Yossi.   


-----Original Message-----
From: Rich Thompson [mailto:richt2@us.ibm.com]
Sent: Monday, April 08, 2002 8:28 PM
To: wsrp@lists.oasis-open.org
Subject: Re: [wsrp][security] End user identity



Yossi,

Thanks for capturing this discussion, I think you interchanged producer and
consumer in the 3rd sentence of #2 (I think it should be "The producer
could expose in its metadata that it requires the user's zip code, and the
consumer would pass that property to him").

On a side note: It bothers me a bit that the term "Authenticated" is being
used in the case where credentials are being presented to the producer so
that the producer may independently authenticate the user (or use the
credentials for authentication to some other system). To me "Authenticated"
implies the portal has already authenticated the user and is telling the
portlet to trust that authentication. Is it useful for there to be 3 levels
of the portal identification of the End-User (anonymous, identified (eg.
read from a cookie) & authenticated (eg. password entered)) prior to
credentials being made available to the portlet?

Rich


 

                      "Tamari, Yossi"

                      <yossi.tamari@sapp        To:
"'wsrp@lists.oasis-open.org'"                         
                      ortals.com>                <wsrp@lists.oasis-open.org>

                                                cc:

                      04/08/2002 12:38          Subject:  [wsrp][security]
End user identity                    
                      PM

 

 





Here is the extended end user identity document according to agenda item
3.5
from the last conference call.

 <<End User Identity.doc>>  <<End User Identity.htm>>  <<End User
Identity.PDF>>

      Yossi.






#### End User Identity.doc has been removed from this note on April 08 2002
by Rich Thompson
#### End User Identity.htm has been removed from this note on April 08 2002
by Rich Thompson
#### End User Identity.PDF has been removed from this note on April 08 2002
by Rich Thompson




----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC