[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wsrp-wsia] [I#104] WSRP recommends that portals not douser-mapping
The language was changed in v0.8 to be: "It is anticipated that some entities will interact with one or more back-end applications that require a user identity for the End-User. If the user identity required by the back-end application is not the same as that authenticated or otherwise supplied by the Consumer, the entity SHOULD require the End-User to provide the necessary information (preferably using secure transport) for use with the back-end application via markup interactions (e.g. display a form that prompts for a user identity and any security tokens (such as a password) for the back-end system)." This anticipates that there may be multiple ways a Consumer supplies user information to an entity, but that the entity ultimate fall-back is to generate a UI requesting the information from the End-User. Does this language cover the use cases? Suggestions to clarify it if it doesn't? Gil Tayar <Gil.Tayar@webcol To: wsrp-wsia@lists.oasis-open.org lage.com> cc: Subject: [wsrp-wsia] [I#104] WSRP recommends that portals not do 10/07/2002 01:12 user-mapping AM Topic: user info Class: Editorial Title: WSRP recommends that portals not do user-mapping Document Section: 10.2 Description: The spec says "If user identity known by the back-end application is not the same as that authenticated by the Consumer, the entity SHOULD require the End-User to provide the necessary information...". This seems to make vendor extensions to WSRP that allow the consumer to handle user-mapping and transfer the needed credentials to the producer unrecommended. There is no reason for this, and some portals, including SAP's, currently have this feature. The SHOULD should be replaced with CAN, perhaps also mentioning the possibility of vendor extension. ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC