attachment-0001
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Impact;
panose-1:2 11 8 6 3 9 2 5 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Geneva;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Monaco;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ira,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I work for Xerox and we build production and enterprise systems. It is within those products that the inconsistency within the rfc3998 was at issue. I am not proposing anything for cloud printing. Although in at least some Cloud Print environments this job forwarding semantics does not apply anyway. The job is never forwarded. The job remains in the cloud and the printer updates the job status there. I see no need to restrict developers from creating insecure unaccountable products. The market will decide. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Pete<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Impact","sans-serif";color:navy'>Peter Zehler</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br><br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:navy'>Xerox Research Center Webster<br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Email: <a href="mailto:Peter.Zehler@Xerox.com">Peter.Zehler@Xerox.com</a></span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Voice: (585) 265-8755</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>FAX: (585) 265-7441</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Webster NY, 14580-9701</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ira McDonald [mailto:blueroofmusic@gmail.com] <br><b>Sent:</b> Wednesday, November 16, 2011 1:58 PM<br><b>To:</b> Zehler, Peter; Ira McDonald<br><b>Cc:</b> Michael Sweet; ipp@pwg.org<br><b>Subject:</b> Re: [IPP] Proposed errata for rfc3998<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi Pete,<br><br>That proxy via the same directory service in the same security domain<br>under a TLS tunnel is one thing.<br><br>But how do you propose that it could possibly apply in the case that<br>one or more Cloud providers and and an entirely different target domain<br>all participate to print the original client's job - letting that original client<br>directly cancel jobs on those downstream printers is going to cause real<br>headaches of accounting and security.<br><br>Cheers,<br>- Ira<br><br><br clear=all>Ira McDonald (Musician / Software Architect)<br>Chair - Linux Foundation Open Printing WG<br>Secretary - IEEE-ISTO Printer Working Group<br>Co-Chair - IEEE-ISTO PWG IPP WG<br>Co-Chair - TCG Trusted Mobility Solutions WG<br>Chair - TCG Embedded Systems Hardcopy SG<br>IETF Designated Expert - IPP & Printer MIB<br>Blue Roof Music/High North Inc<br><a href="http://sites.google.com/site/blueroofmusic" target="_blank"><span style='color:#3333FF'>http://sites.google.com/site/blueroofmusic</span></a><br><a href="http://sites.google.com/site/highnorthinc" target="_blank"><span style='color:#6600CC'>http://sites.google.com/site/highnorthinc</span></a><br>mailto:<a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a><br>Winter 579 Park Place Saline, MI 48176 734-944-0094<br>Summer PO Box 221 Grand Marais, MI 49839 906-494-2434<o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><br><br><o:p></o:p></p><div><p class=MsoNormal>On Wed, Nov 16, 2011 at 1:38 PM, Zehler, Peter <<a href="mailto:Peter.Zehler@xerox.com">Peter.Zehler@xerox.com</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Ira,</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Well I guess we just have broken systems here that use the same backend directory service. And does that mean schemes such as OAUTH are broken as well? I’m not advocating doing strong downstream or passing client secrets along. All that is required in a fan out environment is the child trust the parent. If it is a secure system it certainly won’t depend on the “requesting-user-name” and it will have a special administrative role assigned to the parent printer. The initial printer can authenticate the client. If access is permitted at the target printer then the target printer has to tie into the same authorization domain as the initial printer.</span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Pete</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:navy'>Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br><br></span><span style='font-size:10.0pt;color:navy'>Xerox Research Center Webster<br>Email: <a href="mailto:Peter.Zehler@Xerox.com" target="_blank">Peter.Zehler@Xerox.com</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Voice: <a href="tel:%28585%29%20265-8755" target="_blank">(585) 265-8755</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>FAX: <a href="tel:%28585%29%20265-7441" target="_blank">(585) 265-7441</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Webster NY, 14580-9701</span><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> Ira McDonald [mailto:<a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a>] <br><b>Sent:</b> Wednesday, November 16, 2011 1:08 PM</span><o:p></o:p></p><div><p class=MsoNormal><br><b>To:</b> Michael Sweet; Ira McDonald<o:p></o:p></p></div><p class=MsoNormal><b>Cc:</b> Zehler, Peter; <a href="mailto:ipp@pwg.org" target="_blank">ipp@pwg.org</a><o:p></o:p></p><div><div><p class=MsoNormal><br><b>Subject:</b> Re: [IPP] Proposed errata for rfc3998<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi,<br><br>OK - I'm mostly with Mike here.<br><br>Also, I'm pretty strongly *not* with Bill and Pete - the forwarding Printers<br>OWN the downstream Jobs and have the Job submission and access<br>control and upstream notification receipt rights.<br><br>The original Job owner (on the cellphone) queries the *original* Job at<br>the first Printer (the Cloud Print Service, typically) to see the rolled-up<br>and summarized results of the downstream Job processing.<br><br>Letting the original Job submitter cancel Jobs on way downstream Printers<br>is a severe security violation that breaks any possible scheme of access<br>control.<br><br>Where would the authentication credentials come when the downstream<br>Jobs were created by the intervening Printers.<br><br>Because I assure you that the Printers *cannot* have the private key of the <br>original Job owner and cannot keep doing strong downstream authentication <br>in so-called proxy operations (and the assumption that simple username and<br>password can just be sent forward out-of-band is hopelessly broken).<br><br>Cheers,<br>- Ira<br><br clear=all>Ira McDonald (Musician / Software Architect)<br>Chair - Linux Foundation Open Printing WG<br>Secretary - IEEE-ISTO Printer Working Group<br>Co-Chair - IEEE-ISTO PWG IPP WG<br>Co-Chair - TCG Trusted Mobility Solutions WG<br>Chair - TCG Embedded Systems Hardcopy SG<br>IETF Designated Expert - IPP & Printer MIB<br>Blue Roof Music/High North Inc<br><a href="http://sites.google.com/site/blueroofmusic" target="_blank"><span style='color:#3333FF'>http://sites.google.com/site/blueroofmusic</span></a><br><a href="http://sites.google.com/site/highnorthinc" target="_blank"><span style='color:#6600CC'>http://sites.google.com/site/highnorthinc</span></a><br>mailto:<a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a><br>Winter 579 Park Place Saline, MI 48176 <a href="tel:734-944-0094" target="_blank">734-944-0094</a><br>Summer PO Box 221 Grand Marais, MI 49839 <a href="tel:906-494-2434" target="_blank">906-494-2434</a><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Wed, Nov 16, 2011 at 12:55 PM, Michael Sweet <<a href="mailto:msweet@apple.com" target="_blank">msweet@apple.com</a>> wrote:<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Pete,<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>My point about forwarding is that the mechanism for authenticating the original-requesting-user-name and job-originating-user-name values over IPP is undefined. How/why do the child printers implicitly trust everything that is sent to them from the parent printer?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>But again, the current wording makes original-requesting-user-name and job-originating-user-name distinctly different: original-requesting-user-name is the value that was supplied by the client while job-originating-user-name is the most authenticated name. Your proposed change would effectively make them the same, in which case we should:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>1. Remove forwarding of job-originating-user-name entirely,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>2. Delete original-requesting-user-name entirely, or<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>3. Make original-requesting-user-name exclusively an operation attribute and use it to pass the forwarded job-originating-user-name value in the fan-out case (this would, IMHO, be the sanest approach).<o:p></o:p></p></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Nov 16, 2011, at 9:23 AM, Zehler, Peter wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Mike,</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>The semantics are limited to Job forwarding systems of printers (i.e. IPP Fan out and fan in). On the first system the Job’s “original-job-requesting-user-name” and “job-originating-user-name” are populated with the same value. Per rfc2911 that value is the most authenticated printable name that it can obtain from the authentication service over which the IPP operation was received. Only if such is not available, does the Printer object use the value supplied by the client in the "requesting-user-name". On the next hop is where things diverge. The upstream printer uses its own identity in the “requesting-user-name” operational attribute. It also passes along the “original-requesting-user-name” as an operational attribute. The downstream printer uses the “requesting-user-name”, or the identity obtained from a trusted protocol layer, to insure the request is from a configured upstream printer. The downstream printer then copies over the “original-job-requesting-user-name” operational attribute to the job object AND to the job object’s “job-originating-user-name”. In other words the child job is owned by the initial submitting user throughout the chain and not by the immediate parent (i.e. IPP Printers).</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Pete</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:navy'>Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br><br></span><span style='font-size:10.0pt;color:navy'>Xerox Research Center Webster<br>Email: <a href="mailto:Peter.Zehler@Xerox.com" target="_blank">Peter.Zehler@Xerox.com</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Voice: <a href="tel:%28585%29%20265-8755" target="_blank">(585) 265-8755</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>FAX: <a href="tel:%28585%29%20265-7441" target="_blank">(585) 265-7441</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Webster NY, 14580-9701</span><o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in;border-width:initial;border-color:initial'><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> Michael Sweet [mailto:<a href="mailto:msweet@apple.com" target="_blank">msweet@apple.com</a>] <br><b>Sent:</b> Wednesday, November 16, 2011 10:47 AM<br><b>To:</b> Zehler, Peter<br><b>Cc:</b> <a href="mailto:ipp@pwg.org" target="_blank">ipp@pwg.org</a><br><b>Subject:</b> Re: [IPP] Proposed errata for rfc3998</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Pete,<o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If we make this change, then what is the difference between original-requesting-user-name and job-originating-user-name?<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Section 10.8.4 (re)defines job-originating-user-name as the authenticated original user and whose value is supposed to be forwarded by each client unchanged... (something I am not 100% happy with since there is no provision for it in an IPP job submission)<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Seems like the original intent was for original-requesting-user-name to be the unauthenticated value.<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>(and now I go off to add some text for this to JPS3 for job-originating-user-uri...)<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Nov 16, 2011, at 3:17 AM, Zehler, Peter wrote:<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'> <o:p></o:p></p></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Please substitute “</span><span style='color:black'>section 10.8.3 of rfc3998” for “section 10.8.8 of rfc3998” below.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:navy'>Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br><br></span><span style='font-size:10.0pt;color:navy'>Xerox Research Center Webster<br>Email: <a href="mailto:Peter.Zehler@Xerox.com" target="_blank">Peter.Zehler@Xerox.com</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Voice: <a href="tel:%28585%29%20265-8755" target="_blank">(585) 265-8755</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>FAX: <a href="tel:%28585%29%20265-7441" target="_blank">(585) 265-7441</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Webster NY, 14580-9701</span><o:p></o:p></p></div></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div></div><div><div style='border:none;border-top:solid windowtext 3.0pt;padding:3.0pt 0in 0in 0in;border-width:initial;border-color:initial;border-width:initial;border-color:initial'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> <a href="mailto:ipp-bounces@pwg.org" target="_blank">ipp-bounces@pwg.org</a> <a href="mailto:[mailto:ipp-bounces@pwg.org]" target="_blank">[mailto:ipp-bounces@pwg.org]</a> <b>On Behalf Of </b>Zehler, Peter<br><b>Sent:</b> Wednesday, November 16, 2011 6:13 AM<br><b>To:</b> <a href="mailto:IPP@pwg.org" target="_blank">IPP@pwg.org</a><br><b>Subject:</b> [IPP] Proposed errata for rfc3998</span><o:p></o:p></p></div></div></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:black'>All,</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:black'> </span><o:p></o:p></p></div></div><pre><span style='font-size:12.0pt;color:black'>Section 10.8.2 covering “original-requesting-user-name” is a bit misleading. The issue is that the Job owner is not always the same as the “requesting-user-name”. When forwarding jobs from one printer to another the “original-requesting-user-name” is the most authenticated printable name that can be obtained. As stated in section 10.8.8 of rfc3998: “The "job-originating-user-name" Job Description attribute (see [RFC2911], section 4.3.6) remains as the authenticated original user”. This is inconsistent with section 10.8.2 as currently written. Below is my proposed change to section 10.8.2.</span><o:p></o:p></pre><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>Original:</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>10.8.2. original-requesting-user-name (name(MAX)) Operation and Job</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> Description Attribute</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> The operation attribute containing the user name of the original</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> user; i.e., corresponding to the "requesting-user-name" operation</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> attribute (see [RFC2911], section 3.2.1.1) that the original client</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> supplied to the first Printer object. The Printer copies the</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> "original-requesting-user-name" operation attribute to the</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> corresponding Job Description attribute.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>Corrected:</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>10.8.2. original-requesting-user-name (name(MAX)) Operation and Job</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> Description Attribute</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> The operation attribute containing the user name of the original</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> user; i.e., corresponding to the <span style='background:yellow'>"job-originating-user-name" Job</span></span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black;background:yellow'> attribute (see [RFC2911], section 4.3.6)</span><span style='font-size:10.0pt;font-family:"Courier New";color:black'> that identifies the <span style='background:yellow'>Job</span></span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black;background:yellow'> owner on</span><span style='font-size:10.0pt;font-family:"Courier New";color:black'> the first Printer object. The Printer copies the</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> "original-requesting-user-name" operation attribute to the</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'> corresponding Job Description attribute.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:navy'>Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br><br></span><span style='font-size:10.0pt;color:navy'>Xerox Research Center Webster<br>Email: </span><span style='font-size:11.0pt'><a href="mailto:Peter.Zehler@Xerox.com" target="_blank"><span style='font-size:10.0pt'>Peter.Zehler@Xerox.com</span></a><span style='color:#1F497D'><br></span></span><span style='font-size:10.0pt;color:navy'>Voice: <a href="tel:%28585%29%20265-8755" target="_blank">(585) 265-8755</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>FAX: <a href="tel:%28585%29%20265-7441" target="_blank">(585) 265-7441</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Webster NY, 14580-9701</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br>-- <br>This message has been scanned for viruses and <br>dangerous content by <a href="http://www.mailscanner.info/" target="_blank"><b>MailScanner</b></a>, and is <br>believed to be clean.<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Geneva","serif"'><br>-- <br>This message has been scanned for viruses and <br>dangerous content by <a href="http://www.mailscanner.info/" target="_blank"><b>MailScanner</b></a>, and is <br>believed to be clean. _______________________________________________<br>ipp mailing list<br><a href="mailto:ipp@pwg.org" target="_blank">ipp@pwg.org</a><br><a href="https://www.pwg.org/mailman/listinfo/ipp" target="_blank">https://www.pwg.org/mailman/listinfo/ipp</a></span><o:p></o:p></p></div></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>________________________________________________________________________</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>Michael Sweet, Senior Printing System Engineer, PWG Chair</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'> </span><o:p></o:p></p></div></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Geneva","serif";color:black'> </span><o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'> <o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div></div></div></blockquote></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>________________________________________________________________________</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>Michael Sweet, Senior Printing System Engineer, PWG Chair</span><o:p></o:p></p></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br>-- <br>This message has been scanned for viruses and <br>dangerous content by <a href="http://www.mailscanner.info/" target="_blank"><b>MailScanner</b></a>, and is <br>believed to be clean. <o:p></o:p></p></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><br>_______________________________________________<br>ipp mailing list<br><a href="mailto:ipp@pwg.org" target="_blank">ipp@pwg.org</a><br><a href="https://www.pwg.org/mailman/listinfo/ipp" target="_blank">https://www.pwg.org/mailman/listinfo/ipp</a><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div><br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body></html>