[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wsrp-wsia] [change request #7] User identity (authenticated) forpersonalization
I'm not sure we need that. section 6.10.1 says that producers may not sopport user categories so this is the first part of your sentence. The second part is surely true, but I think we don't need to mention it. Such definitions belong to WS-Policy (declaration of required security tokens) and WS-Security (transporting and veryfying these). Mit freundlichen Gruessen / best regards, Richard Jacob ______________________________________________________ IBM Lab Boeblingen, Germany Dept.8288, WebSphere Portal Server Development Phone: ++49 7031 16-3469 - Fax: ++49 7031 16-4888 Email: mailto:richard.jacob@de.ibm.com |---------+----------------------------> | | Rich | | | Thompson/Watson/I| | | BM@IBMUS | | | | | | 01/20/2003 05:02 | | | PM | |---------+----------------------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| | | | To: wsrp-wsia@lists.oasis-open.org | | cc: | | Subject: [wsrp-wsia] [change request #7] User identity (authenticated) for personalization | >--------------------------------------------------------------------------------------------------------------------------------------------------| Document: WSRP Spec v0.9 Section: 6.10 Page/Line: 48/36-42 Requested by: Subbu Allamaraju Old text: Proposed text: [addition] Sophisticated producers may completely ignore user categories and instead rely on authenticated user and/or consumer identity for personalization of behavior and/or markup. Reasoning: Sophisticated producer-consumer implementations may choose to propagate authenticated end user security context using some (unspecified) security mechanism. With such a security mechanism in place, a producer may choose to use the authenticated principal and roles for personalization in place of userContextID and userCategories. I suggest that this section mention this possibility. This would also address sophisticated implementations that rely only on authenticated user identity and roles for personalization. ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC