[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wsia][wsrp-interfaces] userHandle
Please pass this to wsrp-interface list please. You should be aware that you will eventually, and inevitably, be dealing with levels or layers of profile information, some of which can only be released by the end-user and may include a requirement that it not be maintained separately from end-user beyond session. Enforcement of such is, of course, rather difficult, though, no doubt breaking trust may entail its own penalties, which can be enforced by the end-user creating a rule for its own system disallowing consumers who break trust from access to their profiles, or there may evolve a system whereby single-sign-on authentication providers are informed of such behavior and requested to deny access to any profile information for consumers who break trust. Depending on how egregious misbehavior gets, and it is pretty reprehensible on email lists now, such penalties are inevitable, and in their own turn will provide opportunities for abuse from malicious end-users. We are finally getting down to brass tacks wrt profile info. I'm afraid it is a pandora's box inside a can of worms wrapped by several conundra. We can't base our work on pre-empting misbehavior, but we live in a world full of it so we must also make some allowance for it, so if there is a way, beyond security per se, in which we can discourage such, it would be wise to do so at this point in the process. Requiring call backs and final notification when session info is destroyed up the chain may be a good idea, regardless of the overhead in terms of performance. Ciao, Rex At 4:58 PM -0700 7/15/02, Alan Kropp wrote: >I'm not sure I agree. I tend to think some profile information may be >properly scoped at the request level. I don't have any good examples >though...roles maybe? > >To Yossi's point about a separate profile structure. I don't think our >factored structures should be nested, nor should there be stored >"references" in one structure to another (is that what the userHandle is >for?). I think that would be too much complexity for too little gain. I'd >rather see longer signatures/return tuples on the operations. > > > >-----Original Message----- >From: Rich Thompson [mailto:richt2@us.ibm.com] >Sent: Monday, July 15, 2002 11:13 AM >To: wsia@lists.oasis-open.org; wsrp-interfaces@lists.oasis-open.org >Subject: [wsia][wsrp-interfaces] userHandle > > > >The security subgroup has been talking about how/when the user profile is >transfered/referenced. The last proposal I heard was that this reference >was not needed as once the profile is transferred, the entity may refer to >it in its opaque state in any manner it wishes. As to what profile elements >and when to transfer them, it has been proposed to use properties to >indicate what profile elements and have the Consumer set these properties >on or before the first getMarkup() invocation. > > > > > > "Tamari, Yossi" > > <yossi.tamari@sap To: >wsia@lists.oasis-open.org, > .com> >wsrp-interfaces@lists.oasis-open.org > cc: > > 07/15/2002 12:47 Subject: RE: >[wsia][wsrp-interfaces] Refactoring the data objects > PM > > > > > > > > > >See my comments marked with [YT]. >(Most of them are in appendix A, since it seems appendix a is the real >definition of the spec, which I think is wrong, and is a result of what >Rich mentioned below about the obscurity of the interface.) > >The endless debate about putting WSIA concepts in the WSRP standard is >still there... > > Yossi. > >-----Original Message----- >From: Rich Thompson [mailto:richt2@us.ibm.com] >Sent: Friday, July 12, 2002 9:09 PM >To: wsia@lists.oasis-open.org; wsrp-interfaces@lists.oasis-open.org >Subject: [wsia][wsrp-interfaces] Refactoring the data objects > > >As requested in Tuesday's Joint interfaces call, I have reworked the draft >spec in an effort to factor the data items into the scopes presented at the >June F2F. Personally I think this obscures too much and that some of the >data items should move up to first class parameters in the interface. >Hopefully this version can provide a reasonable basis for a discussion of >which items should be promoted either for clarity or as part of supporting >any factoring of the operations. > >Technical note: In order to make this readable but yet leave an indication >of what was modified, I accepted the changes and then appended a space on >the end of changed lines so that a change bar will appear on the left. So >much changed in Appendix A that it all should be considered modified. > >(See attached file: WSIA - WSRP Interface Specification.doc) > > > > >#### WSIA - WSRP Interface Specification1.doc has been removed from this >note on July 15 2002 by Rich Thompson > > > > > >---------------------------------------------------------------- >To subscribe or unsubscribe from this elist use the subscription >manager: <http://lists.oasis-open.org/ob/adm.pl> > >---------------------------------------------------------------- >To subscribe or unsubscribe from this elist use the subscription >manager: <http://lists.oasis-open.org/ob/adm.pl> --
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC