On 9/10/07, Assaf Arkin <[EMAIL PROTECTED]> wrote: > > On 9/10/07, Alex Boisvert <[EMAIL PROTECTED]> wrote: > > That's not the point. You may still want to have only JohnDoe or any HR > > personnel invoke a specific operation, irrespective of whether the > > operation > > is a workflow task. > > .. or fail the activity? I'm totally missing how the activity expects to > behave.
Similar to correlation on a receive, assertions effectively guard the activity from executing until all the necessary conditions have been met. Loosely coupled is different from distributed. In a loosely coupled > architecture you > a) never trust the client inputs but validate them yourself, and b) never > provide more information than you want a service to act upon Completely agree. That part we know works very well: HTTP basic/digest, WSSE security token, > SAML, JDBC, FTP, SSH, POP3, etc. How do we send roles with assertions > around? Can I send root (but treat as user) to a service that might then > end up being a JDBC call or SSH invocation? Speaking of Unix, "sudo" is a great example of role activation. Assertions don't require trust in the sender/invoker; they only require trust in the signer. Roles are a form of credential so it's legitimate to pass them around. alex
