Subject: Re: [wsrp-interop] guest/anonymous user access
[revisiting this thread]
Thanks Richard. You had explained the issue very well. So what do others think? Can we then assume that userContextKey=wsrp:minimal is all the Consumer needs to send to indicate guest/anonymous access?
While on this subject, in addition, it would be ideal if userContext=null itself could be an indication of guest/anon access. Since the WSDL defines userContext as nillable, it would have been convenient to make the assumption. If the Consumer wants to propagate additional information (user categories, etc) associated with the guest/anon access, they could still send a valid userContext with userContextKey set to wsrp:minimal.
Richard Jacob wrote:
Atul Batra <atul.batra@Sun.COM> wrote on 03/25/2004 09:47:55 PM:Yes, my question was confusing. I need to rephrase :-) Without all the background on this one, I guess my question was more why we thought that userCategory should be wsrp:minimal as well. In order to represent a guest user, would userContext=wsrp:minimal by itself not suffice? In that case, if the Consumer so choose to send along values for the userCategory, that would be additional information, but not something Producers would use to detect guest/anonymous access. AtulI tend to agree with Atul here and think he is making a valid point. Atul, please correct me if my summary is wrong. 1. Producers are not required to provide any categories in the ServiceDescription.userCategoryDescriptions 2. Consumers are not allowed to specify any userCategory not defined in the Producer's ServiceDescription 1+2=3. If the Producer does not define any user category being supported, the convention we've choosen prevents the Consumer to specify an anonymous user simply because it would contradict either 2. or the convention -> no way out for the Consumer. Personally I don't remember why we argued that userCategory in the userContext has to be wsrp:minimal, too. I guess the argument here was that a guess user is considered a user with minimal categorization information as defined in the spec and therefor it would not be convienient to assert a higher degree category to a guest user. But as said, what if the Producer does not define wsrp:minimal as supported? If the contextKey is wsrp:minimal the Producer already knows that it's a guest user and can assert whatever category he likes for that user (if he supports any, otherwise the discussion is obsolet). If the Consumer for instance sends wsrp:full in conjunction with wsro:minimal contextKey, the Producer should be free to ignore that and reset it to wsrp:minimal? cheers Richard