OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-wsia message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [wsrp-wsia] [change request #140] AddPortletDescription.onlySecure?

Yes, that is what we decided.  This gives us a facility to determine the 
needs on a per request basis. However JSR 168 has decided to 
additionally describe the situation where all communciation to the 
portlet must be secure -- the value we/they found is that the consumer 
may want/choose to present the portlet differently if it knows up front 
that it must run securely.  I.e. it may render a lock icon next to the 
portlet name in the portlet repository or it may only allow such 
portlets to be placed on "secure" pages.  So this items asks both "do we 
want to keep in sync with JSR 168" and "do we see the same value"?  If 
either answer is true then we should add something.
     -Mike-

Rich Thompson wrote:

>Document: Spec
>Section:  5.1.11
>Page/Line: 20/14
>Requested by: Mike Freedman
>Old text:
>New text: [O] boolean onlySecure
>
>Reasoning: At the last F2F we removed setting of security requirements 
>from none, some, all in deference for only supporting some.  There is 
>value to the consumer in knowing that a portlet runs entirely in secure 
>mode -- e.g. a portal may signify this portlet in a special way in the 
>portlet respository/toolbox and only allow it to be added to "secure" 
>pages.  Shouldn't we allow a portlet to signify this?  Note: doing so puts 
>us in tighter alignment with JSR 168 which allows this information to be 
>declared/specified.
>
>[RT] My understanding of the F2F discussions was that one only needed to 
>know the security for the "default" markup (e.g. for the initial page). 
>After that, the page must be secure if any of the portlets has a current 
>indication that secure communication is required and is allowed to be 
>unsecure only if there are no portlets with such current indicators.
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>
>  
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC