[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wsrp-security] [wsrp][security] minutes from 7/24 telecon; agenda for 7/31
Hi, Re: "the need for having producer metadata to indicate a subset of the standard profile elements a producer cares about (so the consumer can send only what will be used by the producer) was discussed. Conclusion was that there is not a compelling requirement to justify the added complexity this would introduce" In today's conf call some compelling reasons to actually return this metadata were raised: * This will enable the portal to display to the end-user what elements of his profile he is "risking" in order to get this portlet. A good use case for this is a weather portlet: If a portal told me all my profile info (including my email and potentially even my credit card number) will be sent to the producer, I would definitely not use this portlet. But if the producer told the consumer, and the consumer (portal) told me that only my zip code would me sent, I would have no problem with that. That would be a very strong motivation for the portlet writer to send this metadata. * This would enable us to optimize the amount of data that is sent in the profile. That becomes helpful when we discuss whether the profile is sent with each request or at the beginning of the session. Two good reasons to not do this in the beginning of the session are that it forces a portlet that uses the profile to be stateful, and that we would like to avoid the extra overhead of the additional call when possible. I suggest that we should add the profile usage info to the portlet's metadata, simply as a set of names of properties, and not enforce any more rules. A simple consumer can ignore the details of this metadata and always send all the info, but a more advanced consumer would display this metadata to the user/admin, and send only the metadata that is required. Once we agree on that, we can consider sending the profile on each request but we should add the metadata any way. Other opinions??? Yossi. -----Original Message----- From: Cassidy, Mark [mailto:mcassidy@Netegrity.com] Sent: Wednesday, July 31, 2002 9:21 AM To: 'wsrp-security@lists.oasis-open.org' Subject: [wsrp-security] [wsrp][security] minutes from 7/24 telecon; agenda for 7/31 Attached are the minutes from last weeks call. Agenda for tomorrow: 1. User profile transfer: how does this fit in the protocol? 2. UserID: we concluded during last call that userID lives outside of the profile. Where does this fit in the protocol? Required or optional? Call logistics: Time: 8:00 a.m. PST(11:00 a.m. EST, 5:00 p.m. CET) Reservationless-Plus Toll Free Dial-In Number: 877.450.3529 Reservationless-Plus International Dial-In Number: +1.706.679.6653 Conference Code: 4254674195 <<wsrp security minutes 724 .htm>>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC