Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [higgins-dev] [IdAS] registered Contexts
You're right of course, I skipped tracks there. I need to regroup my thoughts.
 
So we want a way to enumerate contextRefs. Some issues are:
 
- Do we want to distinguish between, (a) opened contexts, (b) instantiated contexts, and (c) potential contexts?
- Of the contextRef's available to be returned (possibly considering each of the three types above), are some only viewable by certain identities?
 
I don't know how IdAS -- other than config/policy one would restrict access to (b) or (c) to certain parties. I can see how one could do it with identities for (a).
 
<this is likely something better suited for phone or f2f>
Because I don't understand the deployment scenarios, I still don't really understand the need to restrict contextRef's at the IdAS level. I guess your scenario is where there is a public IdAS service (I guess there would be a protocol fronting this) where anyone can enumerate all contextRefs (say a and b types), and I happened to do this find one that contained the text "drug dealers for bgyrd@xxxxxxxx". From that, I can guess that you have a list of drug dealers. Thus, (assuming this public IdAS service fronted by some protocol) you'd like to make your contextRef's private. I guess this also assumes some kind of session knowledge or something that is used to distinguish between you and me as we're interacting with this service.
 
If this is the scenario you're thinking of, it may be one of those things we need more tangible use cases/requirements around before defining.  For example, I may want to make some of my contextRefs available to family members, some others available to friends, some only to me, and others publically available.
 
Jim
 


>>> Greg Byrd <gbyrd@xxxxxxxx> 8/15/06 3:46 PM >>>
Jim Sermersheim wrote:
>  <snip>
> I can't see where it's ever safe to return a context which has been
> open as a different person. That's like logging into one's workstation
> and allowing someone else to take over. I think the sharing of open
> contexts between trusted parties as being beyond the purview of IdAS.

But we're talking about ContextRefs, not Contexts.  I completely agree
that an open Context should never be passed to someone else.  But have a
ContextRef does not give me permission to do anything.  It simply gives
me a handle that I can use to create and open a different Context to the
same data source.


_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev

Back to the top