Subject: Consumer cookie handling use cases

Hello all,

Sorry to take so long to get the use cases out for this.  As I 
understand the issue, we have a mismatch between different consumers' 
handling of cookies set by producer portlets and how they are shared 
with other producers accessed by the consumer for the same user.

Use case 1: sharing cookies with other producers.

A consumer is consuming portlets from producer A and producer B; if one 
of the portlets on producer A sets an authentication cookie for 
single-sign-on functionality, portlets on producer B would want to 
receive that cookie to prevent the user from having to authenticate with 
a portlet on producer B as well.

Use case 2: isolating cookies to individual producers.

A consumer is consuming portlets from producer C and producer D.  A 
portlet on producer C may set the same cookie name (with different 
semantics) as a portlet on producer D; these cookies ideally would not 
collide but be provided to each producer as they were set for that producer.

Alternately, producer C and D may be from different organizations, and 
authentication-type cookies should not be shared between the producers 
for security reasons.

I believe both are valid use cases.
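
One way a consumer could satisfy both use cases at once, shown as an added example that is not part of the original message and not taken from any consumer implementation: cookies are isolated per producer by default and shared only among producers the administrator places in the same group. The class name, method names, producer labels and cookie values are all hypothetical and constructed for illustration.

```python
from collections import defaultdict


class ConsumerCookieStore:
    """Hypothetical consumer-side cookie store, keyed by user and producer.

    Default is isolation (use case 2); sharing (use case 1) happens only
    between producers listed together in an explicit sharing group.
    """

    def __init__(self, sharing_groups=()):
        self._group_of = {}  # producer -> frozenset of group members
        for group in sharing_groups:
            members = frozenset(group)
            for producer in members:
                if producer in self._group_of:
                    raise ValueError(f"{producer} is in more than one sharing group")
                self._group_of[producer] = members
        self._jar = defaultdict(dict)  # (user, producer) -> {name: value}

    def store(self, user, producer, name, value):
        """Record a cookie set by a portlet on `producer` for `user`."""
        self._jar[(user, producer)][name] = value

    def cookies_for(self, user, producer):
        """Cookies the consumer forwards to `producer` on behalf of `user`."""
        members = self._group_of.get(producer, frozenset({producer}))
        merged = {}
        # Group members' cookies first, then the producer's own cookies,
        # so the producer's own value wins if two members reuse a name.
        for other in sorted(members - {producer}):
            merged.update(self._jar.get((user, other), {}))
        merged.update(self._jar.get((user, producer), {}))
        return merged


def demo():
    # Constructed scenario: A and B share (use case 1); C and D are isolated
    # and happen to use the same cookie name (use case 2).
    store = ConsumerCookieStore(sharing_groups=[{"A", "B"}])
    store.store("alice", "A", "SSO", "tok-a")
    store.store("alice", "C", "SESSION", "c-1")
    store.store("alice", "D", "SESSION", "d-1")
    return {p: store.cookies_for("alice", p) for p in "ABCD"}


if __name__ == "__main__":
    print(demo())
```

Keeping isolation as the default means a producer from another organization never receives an authentication cookie unless someone has deliberately grouped it with the producer that set it.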


