RE: [wsrp-wsia] [change request #138] Transferring information toproxied resources - Andre Kramer - org.oasis-open.lists.wsrp-wsia

310 messages in org.oasis-open.lists.wsrp-wsiaRE: [wsrp-wsia] [change request #138]...

From	Sent On	Attachments
113 earlier messages
Rich Thompson	Jan 27, 2003 5:15 am
Rich Thompson	Jan 27, 2003 5:19 am
Rich Thompson	Jan 27, 2003 6:06 am
Rich Thompson	Jan 27, 2003 6:21 am
Rich Thompson	Jan 27, 2003 6:28 am
Rich Thompson	Jan 27, 2003 7:00 am
Rich Thompson	Jan 27, 2003 7:01 am
Rich Thompson	Jan 27, 2003 7:03 am
Rich Thompson	Jan 27, 2003 7:06 am
Rich Thompson	Jan 27, 2003 7:08 am
Rich Thompson	Jan 27, 2003 7:12 am
Rich Thompson	Jan 27, 2003 7:14 am
Rich Thompson	Jan 27, 2003 7:20 am
Rich Thompson	Jan 27, 2003 7:22 am
Rich Thompson	Jan 27, 2003 7:25 am
Rich Thompson	Jan 27, 2003 8:41 am
Rich Thompson	Jan 27, 2003 8:44 am
Rich Thompson	Jan 27, 2003 8:46 am
Rich Thompson	Jan 27, 2003 8:48 am
Rich Thompson	Jan 27, 2003 8:51 am
Rich Thompson	Jan 27, 2003 8:53 am
Rich Thompson	Jan 27, 2003 8:56 am
Subbu Allamaraju	Jan 27, 2003 9:05 am
Rich Thompson	Jan 27, 2003 5:50 pm
Rex Brooks	Jan 28, 2003 6:39 am
Rich Thompson	Jan 28, 2003 12:41 pm
Rich Thompson	Jan 28, 2003 12:43 pm
Rich Thompson	Feb 6, 2003 11:30 am
Rich Thompson	Feb 7, 2003 7:02 am
Rich Thompson	Feb 7, 2003 7:10 am
Michael Freedman	Feb 9, 2003 6:19 pm
Eilon Reshef	Feb 10, 2003 9:39 pm
Rich Thompson	Feb 11, 2003 11:19 am
Rich Thompson	Feb 11, 2003 11:19 am
Rich Thompson	Feb 12, 2003 7:07 am
Rich Thompson	Feb 12, 2003 7:09 am
Rich Thompson	Feb 12, 2003 7:12 am
Rich Thompson	Feb 12, 2003 7:15 am
Rich Thompson	Feb 12, 2003 8:35 am
Rich Thompson	Feb 12, 2003 8:44 am
Rich Thompson	Feb 12, 2003 8:47 am
Rich Thompson	Feb 12, 2003 8:54 am
Rich Thompson	Feb 12, 2003 9:06 am
Michael Freedman	Feb 12, 2003 10:56 am
Michael Freedman	Feb 12, 2003 11:04 am
Rich Thompson	Feb 12, 2003 11:43 am
Michael Freedman	Feb 12, 2003 11:47 am
Rich Thompson	Feb 12, 2003 12:04 pm
Michael Freedman	Feb 12, 2003 6:15 pm
Andre Kramer	Feb 13, 2003 3:14 am
Andre Kramer	Feb 13, 2003 3:40 am
Andre Kramer	Feb 13, 2003 4:03 am
Subbu Allamaraju	Feb 13, 2003 10:54 am
Rich Thompson	Feb 13, 2003 10:55 am
Alejandro Abdelnur	Feb 13, 2003 11:02 am
Michael Freedman	Feb 13, 2003 11:30 am
Michael Freedman	Feb 13, 2003 12:01 pm
Alejandro Abdelnur	Feb 13, 2003 1:29 pm
Michael Freedman	Feb 13, 2003 2:03 pm
Alejandro Abdelnur	Feb 13, 2003 2:27 pm
Eilon Reshef	Feb 13, 2003 2:37 pm
Eilon Reshef	Feb 13, 2003 2:37 pm
Michael Freedman	Feb 13, 2003 3:56 pm
Michael Freedman	Feb 13, 2003 3:58 pm
Andre Kramer	Feb 14, 2003 1:17 am
Rich Thompson	Feb 14, 2003 10:26 am
Rich Thompson	Feb 14, 2003 11:01 am
Subbu Allamaraju	Feb 14, 2003 11:09 am
Rich Thompson	Feb 14, 2003 12:26 pm
Rich Thompson	Feb 14, 2003 12:42 pm
Richard Jacob	Feb 17, 2003 1:09 am
Rich Thompson	Feb 18, 2003 11:42 am
Rich Thompson	Feb 18, 2003 11:56 am
Rich Thompson	Feb 18, 2003 12:03 pm
Rich Thompson	Feb 18, 2003 12:56 pm
Michael Freedman	Feb 18, 2003 3:12 pm
Rich Thompson	Feb 19, 2003 5:42 am
Rich Thompson	Feb 19, 2003 7:24 am
Rich Thompson	Feb 19, 2003 7:40 am
Rich Thompson	Feb 19, 2003 7:46 am
Rich Thompson	Feb 19, 2003 7:53 am
Rich Thompson	Feb 19, 2003 7:55 am
Rich Thompson	Feb 19, 2003 8:02 am
Rich Thompson	Feb 19, 2003 8:07 am
Rich Thompson	Feb 19, 2003 8:12 am
Rich Thompson	Feb 19, 2003 8:16 am
Rich Thompson	Feb 19, 2003 8:21 am
Rich Thompson	Feb 19, 2003 8:24 am
Rich Thompson	Feb 19, 2003 8:27 am
Rich Thompson	Feb 19, 2003 8:30 am
Rich Thompson	Feb 19, 2003 8:33 am
Rich Thompson	Feb 19, 2003 8:55 am	.bin, .bin
Michael Freedman	Feb 19, 2003 8:56 am
Rich Thompson	Feb 19, 2003 11:43 am
Rich Thompson	Feb 20, 2003 6:40 am
Rich Thompson	Feb 20, 2003 6:43 am
Michael Freedman	Feb 20, 2003 1:57 pm
Michael Freedman	Feb 20, 2003 2:04 pm
Andre Kramer	Feb 21, 2003 1:30 am
Rich Thompson	Feb 21, 2003 4:25 am
97 later messages

Subject:	RE: [wsrp-wsia] [change request #138] Transferring information toproxied resources
From:	Andre Kramer (andr...@eu.citrix.com)
Date:	Feb 13, 2003 3:14:54 am
List:	org.oasis-open.lists.wsrp-wsia

Do we really need to forward cookies from the consumer? The Servlet API has a method to encode the session identifier in URLs (note: other means for tracking a session may be in place). Why not encode the JSESSIONID in the resource URL? Implementations can then convert this value to a cookie and forward the http request locally (producer side, with JSESSION cookie set, sort of like a reverse Web proxy).

[This encodes a random identifier in the URL and so does not leak sensitive information, if that was a concern.]

We already have PortletDescription.userContextStoredInSession and PortletDescription.templatesStoredInSession so a producer already has all the machinery to:

1) reference a session from a resource URL 2) inject the session ID into the load balancing 3) make sure the session is provisioned with WSRP data

Therefore I don't think we need add anything.

Also, what about direct URL requests from the Web browser? Should they not be able to reference the producer session data also? The above scheme would work for both Web user agent and consumer resource requests (and even re-directs).

regards, Andre

-----Original Message----- From: Rich Thompson [mailto:ric...@us.ibm.com] Sent: 12 February 2003 20:05 To: wsrp...@lists.oasis-open.org Subject: Re: [wsrp-wsia] [change request #138] Transferring information to proxied resources

I think we can just extend this one, basically a new section between 10.3 and 10.4 with forward references from sections 10.2.1.1.4 and 10.2.2.7. Something like "Using Resources".

Rich Thompson

Michael Freedman <Mich...@oracle.com> 02/12/2003 01:47 PM

To: wsrp...@lists.oasis-open.org cc: Subject: Re: [wsrp-wsia] [change request #138] Transferring information to proxied resources

I had already assumed that cookies had to be provided according to cookie domain rules -- but yes its probably worth the clarification. Also just remembered that in addition to this information we probably need a way to transfer the rewrite templates to the resource as well so it can generate new links that are proxied. Can you just make a note to extend this item or should I open a new one? -Mike-

Document: Spec Section: 10.3.3 Page/Line: New section Requested by: Mike Freedman Old text: New text: New section describing how userContext/Profile information is passed to resources.

Reasoning: Specification doesn't define how a portlet can transfer userContext/Profile information to proxied resources. As I don't recall ever discussing it I want to find out if it should be left as is -- i.e. an exercise for the portlet developer or we should define special http headers to carry this information. The problem with the former [current model] is that this information will commonly be carried all the way back

to the client and appear in plain text in the browser URL -- folks may freak seeing their UserId of personal profile information in a browser URL. If we define specific headers to carry this we not only make it easy for the portlet developer as they don't have to encode/decode URLs but also achieve more safety as this information is only represented between the consumer and the producer. Note: if we go this later route we will probably want to add a boolean or two to the resourceURL consumer/producer mechanism so they can control whether this information needs to be past or not [optimization].

[RT] Good point on providing this type of guidance. There are significant

security and privacy issues in having this information appear either in the URL or headers. Another alternative would be to suggest using an indirection in the URL which allows the resource to locate the information (likely an indication of the sessionID). This allows locating any information the Portlet is willing to make available. Should we also discuss whether cookies have to be connected back to the proxied resource

the same as to the Portlet?

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets