OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-wsia message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [wsrp-wsia] [change request #140] Add PortletDescription.onlySecure?


This flag would let the producer enforce some level of 
transport-guaratee irrespetive of how a link was created, and what 
scheme the consumer used to communicate with the producer.

I see it being similar to transport-guarantee settings in webapps, and 
when a guaratee is specified, the container (the producer) can refuse to 
serve the request when the guarantee is met.

Regards,

Subbu

Andre Kramer wrote:
> Such a simple flag would help a consumer pick https bindings to talk to the
> producer, ensuring that at least some secure Portlets are likely to be
> secure.
> 
> -----Original Message-----
> From: Rich Thompson [mailto:richt2@us.ibm.com]
> Sent: 12 February 2003 16:55
> To: wsrp-wsia@lists.oasis-open.org
> Subject: [wsrp-wsia] [change request #140] Add
> PortletDescription.onlySecure?
> 
> 
> Document: Spec
> Section:  5.1.11
> Page/Line: 20/14
> Requested by: Mike Freedman
> Old text:
> New text: [O] boolean onlySecure
> 
> Reasoning: At the last F2F we removed setting of security requirements 
> from none, some, all in deference for only supporting some.  There is 
> value to the consumer in knowing that a portlet runs entirely in secure 
> mode -- e.g. a portal may signify this portlet in a special way in the 
> portlet respository/toolbox and only allow it to be added to "secure" 
> pages.  Shouldn't we allow a portlet to signify this?  Note: doing so puts 
> us in tighter alignment with JSR 168 which allows this information to be 
> declared/specified.
> 
> [RT] My understanding of the F2F discussions was that one only needed to 
> know the security for the "default" markup (e.g. for the initial page). 
> After that, the page must be secure if any of the portlets has a current 
> indication that secure communication is required and is allowed to be 
> unsecure only if there are no portlets with such current indicators.
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC