OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-wsia message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [wsrp-wsia] [change request #7] User identity (authenticated)forpersonalization

I would suggest a discussion in the F2F on differentiating what
security-like requirements or processes we address and what are handed
off to other specification development efforts.  Several of the open
items seems to cross those boundaries.

Monica

-----Original Message-----
From: Richard Jacob [mailto:richard.jacob@de.ibm.com]
Sent: Friday, January 24, 2003 4:52 AM
To: wsrp-wsia@lists.oasis-open.org
Subject: Re: [wsrp-wsia] [change request #7] User identity
(authenticated) forpersonalization



I'm not sure we need that.
section 6.10.1 says that producers may not sopport user categories so
this
is the first part of your sentence.
The second part is surely true, but I think we don't need to mention it.
Such definitions belong to WS-Policy (declaration of required security
tokens) and WS-Security (transporting and veryfying these).


Mit freundlichen Gruessen / best regards,

        Richard Jacob
______________________________________________________
IBM Lab Boeblingen, Germany
Dept.8288, WebSphere Portal Server Development
Phone: ++49 7031 16-3469  -  Fax: ++49 7031 16-4888
Email: mailto:richard.jacob@de.ibm.com


|---------+---------------------------->
|         |           Rich             |
|         |           Thompson/Watson/I|
|         |           BM@IBMUS         |
|         |                            |
|         |           01/20/2003 05:02 |
|         |           PM               |
|---------+---------------------------->
 
>-----------------------------------------------------------------------
------------------------------------------------------------------------
---|
  |
|
  |       To:       wsrp-wsia@lists.oasis-open.org
|
  |       cc:
|
  |       Subject:  [wsrp-wsia] [change request #7] User identity
(authenticated) for personalization
|
 
>-----------------------------------------------------------------------
------------------------------------------------------------------------
---|




Document: WSRP Spec v0.9
Section: 6.10
Page/Line: 48/36-42
Requested by: Subbu Allamaraju
Old text:
Proposed text:
[addition] Sophisticated producers may completely ignore user categories
and instead rely on authenticated user and/or consumer identity for
personalization of behavior and/or markup.

Reasoning:

Sophisticated producer-consumer implementations may choose to propagate
authenticated end user security context using some (unspecified)
security mechanism. With such a security mechanism in place, a producer
may choose to use the authenticated principal and roles for
personalization in place of userContextID and userCategories.

I suggest that this section mention this possibility. This would also
address sophisticated implementations that rely only on authenticated
user identity and roles for personalization.



----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>




----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC