[
https://issues.apache.org/jira/browse/JUDDI-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13864159#comment-13864159
]
Alex O'Ree commented on JUDDI-726:
----------------------------------
So if I have two UDDI servers, A and B.
A's administrator wants updates on changes to businesses in B
A's administrator sets up a subscription on server B for findBusiness, call be
back at server A's subscription notification listener.
And we proceed as expected, however...
In server A, who becomes the owning username for updates sent from server B?
How are the updates from B authenticated on A? (remember auth token is optional
on subscription callbacks, but who's auth info would it be?
Is it possible for a malicious user to just send updates to A's subscription
notification listener? I.e. register fictitious endpoints on server A without
authentication
> add source/wiki documentation for the juddi-core subscription listener
> implementation
> -------------------------------------------------------------------------------------
>
> Key: JUDDI-726
> URL: https://issues.apache.org/jira/browse/JUDDI-726
> Project: jUDDI
> Issue Type: Improvement
> Reporter: Alex O'Ree
> Assignee: Kurt T Stam
> Fix For: 3.2
>
>
> identify what its purpose is, usage scenarios
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
