[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wsrp][security] End user identity
Thanks Rich, You are right about my mix-up. I will circulate a fixed version after Wednesday's call, integrating people's remarks, and it will be fixed there. I don't know if the term "authenticated" is the right one for #3, it is kind of used here for historical reasons... If you come up with a better name for this I will change it. I don't think there is any relation between how the user was identified by the portal and the information the portal sends to the portlet. The passwords that are passed to the portlet are not necessarily those passed to the portal, they can be based on some mechanism of letting the user\admin define that for portlet X, that is based on some back-end app, pass a specific set of credentials that is needed for that back-end app. Yossi. -----Original Message----- From: Rich Thompson [mailto:richt2@us.ibm.com] Sent: Monday, April 08, 2002 8:28 PM To: wsrp@lists.oasis-open.org Subject: Re: [wsrp][security] End user identity Yossi, Thanks for capturing this discussion, I think you interchanged producer and consumer in the 3rd sentence of #2 (I think it should be "The producer could expose in its metadata that it requires the user's zip code, and the consumer would pass that property to him"). On a side note: It bothers me a bit that the term "Authenticated" is being used in the case where credentials are being presented to the producer so that the producer may independently authenticate the user (or use the credentials for authentication to some other system). To me "Authenticated" implies the portal has already authenticated the user and is telling the portlet to trust that authentication. Is it useful for there to be 3 levels of the portal identification of the End-User (anonymous, identified (eg. read from a cookie) & authenticated (eg. password entered)) prior to credentials being made available to the portlet? Rich "Tamari, Yossi" <yossi.tamari@sapp To: "'wsrp@lists.oasis-open.org'" ortals.com> <wsrp@lists.oasis-open.org> cc: 04/08/2002 12:38 Subject: [wsrp][security] End user identity PM Here is the extended end user identity document according to agenda item 3.5 from the last conference call. <<End User Identity.doc>> <<End User Identity.htm>> <<End User Identity.PDF>> Yossi. #### End User Identity.doc has been removed from this note on April 08 2002 by Rich Thompson #### End User Identity.htm has been removed from this note on April 08 2002 by Rich Thompson #### End User Identity.PDF has been removed from this note on April 08 2002 by Rich Thompson ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC