Ian Green wrote: > > If the "improvement" to the link display is interpreted by a consumer > > implementer as "update the persisted representation of the provider's > > resource" then data may leak outside of the provider's security model.
and Scott Bosworth replied: >....The excerpted text talks about using > these properties "to improve and replace the default link display" > and does not reference anything about updating a persisted > representation of the resource. This confuses me....I think I understand Ian's original concern about "leaking" outside the provider's security model is that when I "got" the resource from the provider, maybe I could see the title, but not the description (because the description had details that I'm not privileged to see, for example). But is this then saying that the "hover" could contain that information, and isn't filtered by the same security rules? And that's ok as long as the hover info isn't persisted? Andy Berner Lead Architect, ISV Technical Enablement and Strategy IBM Rational Business Development 972 561-6599 [email protected] Ready for IBM Rational software partner program - http://www.ibm.com/isv/rational/readyfor.html |------------> | From: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Ian Green1 <[email protected]> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | To: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Scott Bosworth/Raleigh/IBM@IBMUS | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Cc: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |[email protected] | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Date: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |05/17/2010 09:23 AM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Subject: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Re: [oslc-core] Question on UI Preview - data refresh | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Sent by: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |[email protected] | >--------------------------------------------------------------------------------------------------------------------------------------------------| Hi Scott, How about something to the effect - "the compact rendering SHOULD NOT be used to refresh the locally stored information about a remote resource" best wishes, -ian [email protected] (Ian Green1/UK/IBM@IBMGB) Chief Software Architect, Requirements Definition and Management IBM Rational [email protected] wrote on 17/05/2010 14:17:51: > [image removed] > > Re: [oslc-core] Question on UI Preview - data refresh > > Scott Bosworth > > to: > > oslc-core > > 17/05/2010 14:18 > > Sent by: > > [email protected] > > Hi Ian. The excerpt you quote is out of the section that is giving > guidance to the consumer on how they should use the Compact > representation information to form the hyperlink (and potentially a > hover) to be displayed to the end user. The section suggests that > rather than forming the hyperlink text from local data, the consumer > can use the dc:title, dc:name, or oslc:icon values from the Compact > representation, which are presumed to have "better" information > about the referenced resource. The excerpted text talks about using > these properties "to improve and replace the default link display" > and does not reference anything about updating a persisted > representation of the resource. > > Is there a wording choice that is throwing you off here? Suggestions > as to how to improve that wording? > > Thanks...Scott > > > Scott Bosworth | IBM Rational CTO Team | [email protected] | 919. > 486.2197(w) | 919.244.3387(m) | 919.254.5271(f) > > [email protected] wrote on 05/17/2010 08:53:42 AM: > > > [image removed] > > > > [oslc-core] Question on UI Preview - data refresh > > > > Ian Green1 > > > > to: > > > > oslc-core > > > > 05/17/2010 08:53 AM > > > > Sent by: > > > > [email protected] > > > > I've raised an issue on the UP Preview spec. at [1]. > > > > My concern is over this excerpt: > > > > If this becomes known to the Consumer, the Consumer SHOULD assume that > > this information is better and use it to improve and replace the default > > link display. > > > > If the "improvement" to the link display is interpreted by a consumer > > implementer as "update the persisted representation of the provider's > > resource" then data may leak outside of the provider's security model. > > Have I misinterpreted the specification? > > > > My thinking is that the responsibilities of the UI Preview specification > > should be limited to UI Preview, and not to "refresh" of persisted data. > > > > best wishes, > > -ian > > > > [email protected] (Ian Green1/UK/IBM@IBMGB) > > Chief Software Architect, Requirements Definition and Management > > IBM Rational > > > > > > > > > > > > Unless stated otherwise above: > > IBM United Kingdom Limited - Registered in England and Wales with number > > 741598. > > Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU > > > > > > > > > > > > > > > > _______________________________________________ > > Oslc-Core mailing list > > [email protected] > > http://open-services.net/mailman/listinfo/oslc-core_open-services.net > _______________________________________________ > Oslc-Core mailing list > [email protected] > http://open-services.net/mailman/listinfo/oslc-core_open-services.net Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU _______________________________________________ Oslc-Core mailing list [email protected] http://open-services.net/mailman/listinfo/oslc-core_open-services.net
