I've raised an issue on the UP Preview spec. at [1].
My concern is over this excerpt:
If this becomes known to the Consumer, the Consumer SHOULD assume that
this information is better and use it to improve and replace the default
link display.
If the "improvement" to the link display is interpreted by a consumer
implementer as "update the persisted representation of the provider's
resource" then data may leak outside of the provider's security model.
Have I misinterpreted the specification?
My thinking is that the responsibilities of the UI Preview specification
should be limited to UI Preview, and not to "refresh" of persisted data.
best wishes,
-ian
[email protected] (Ian Green1/UK/IBM@IBMGB)
Chief Software Architect, Requirements Definition and Management
IBM Rational
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
