[Osr-101] Re: [Yulup] [PROPOSAL] Login resp. authentication element within introspection
Andreas Wuest
andreas.wuest at wyona.com
Mon May 7 15:06:27 CEST 2007
Hi
On 6.5.2007 11:28, Michael Wechner wrote:
> Andreas Wuest wrote:
>
>> Hi
>>
>> On 3.5.2007 11:59, Michael Wechner wrote:
>>
>>> Hi
>>>
>>> I would like to suggest that we introduce a login resp.
>>> authentication element for introspection, e.g.
>>>
>>> <introspection>
>>>
>>>   <authentication>
>>>     <login url="https://foo.bar/protected.xhtml?action=login-neutron">
>>>       <message>Login for realm 'Foo Bar' ...</message>
>>>       <form>
>>>         <param description="Username" name="username"/>
>>>         <param description="Password" name="passwd"/>
>>>       </form>
>>>     </login>
>>>     <logout url="http://foo.bar/?action=logout"/>
>>>   </authentication>
>>>
>>> </introspection>
>>>
>>>
>>> which is the same as the already defined Neutron Authentication
>>>
>>> http://neutron.wyona.org/draft-neutron-protocol-v0.html#rfc.section.7.1
>>>
>>> The reason for this is that one might not want to show versions and
>>> workflows and open/save URLs to the public within the introspection
>>> document but rather user specific (which would be decided by the
>>> server).
>>>
>>> Of course one could protect the introspection document, but every
>>> time one would request a public page with a protected introspection
>>> document one would receive a login screen which doesn't really make
>>> sense.
>>>
>>> Another workaround would be to use client certificates, but it's one
>>> more complexity and also client certificates are client specific.
>>>
>>> This is why I think the authentication element would make sense also
>>> within the introspection.
>>>
>>> WDYT?
>>
>>
>> Generally, a good idea. Some points to think about:
>>
>> * What happens after login? Does the user have to reload the page then
>> in order to get extended introspection data?
>
>
> btw, I have added the proposal to
>
> http://neutron.wyona.org/amendments/authentication-within-introspection.html
>
>
> and also added your questions
Cool, thanks! :)
--
Kind regards,
Andi
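
A client-side reading of the proposed element, as an added example that is not part of the original thread or of Yulup's code: it parses the `<authentication>` block of a public introspection document and checks the login target before any credentials would be sent. The `page_url` parameter, the HTTPS requirement and the same-host rule are assumptions of this example, not part of the proposal.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the element from the proposal as a public introspection document.
SAMPLE = """<introspection>
  <authentication>
    <login url="https://foo.bar/protected.xhtml?action=login-neutron">
      <message>Login for realm 'Foo Bar' ...</message>
      <form>
        <param description="Username" name="username"/>
        <param description="Password" name="passwd"/>
      </form>
    </login>
    <logout url="http://foo.bar/?action=logout"/>
  </authentication>
</introspection>"""


def parse_authentication(xml_text, page_url):
    """Return login/logout details for a client, or None if none are offered.

    page_url (hypothetical parameter) is the page this introspection belongs to.
    """
    auth = ET.fromstring(xml_text).find("authentication")
    if auth is None:
        return None  # server offers no login; introspection is used as served
    login, logout = auth.find("login"), auth.find("logout")
    if login is None or not login.get("url"):
        raise ValueError("authentication element without a login url")
    target = urlsplit(login.get("url"))
    # Assumed client policy: credentials only go over HTTPS ...
    if target.scheme != "https":
        raise ValueError("refusing to send credentials over " + repr(target.scheme))
    # ... and only to the host that served the page, since the introspection
    # document itself is public and may have been fetched over plain HTTP.
    if target.hostname != urlsplit(page_url).hostname:
        raise ValueError("login url host differs from page host")
    logout_url = logout.get("url") if logout is not None else None
    warnings = []
    if logout_url and urlsplit(logout_url).scheme != "https":
        warnings.append("logout url is not https")  # session data would travel in clear
    return {
        "login_url": login.get("url"),
        "message": login.findtext("message", default=""),
        "params": [(p.get("name"), p.get("description"))
                   for p in login.findall("form/param")],
        "logout_url": logout_url,
        "warnings": warnings,
    }
```
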