Hi Mike,
I suggest we either:
(1) "job-originating-user-[name/uri]" applies to the IMMEDIATE upstream
client only (no forwarding behavior) and "originating-requesting-user-name"
name holds the most authenticated original Job owner (the distant guy on
his
cellphone in the Cloud printing scenario) - I think this was the spirit
intended
by RFC 3998 - my preference.
<or>
(2) We leave 3998 alone and say that "originating-requesting-user-name"
is a weak identifier (albeit now enclosed in a TLS tunnel in IPP
Everywhere)
just like "job-name" that's meant to be used for searching and matching in
pools of jobs - not a good idea, because it makes the unverified contents
of
"requesting-user-name" into a sticky Job attribute - a bad precedent IMHO.
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG IPP WG
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - TCG Embedded Systems Hardcopy SG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music/High North Inc
http://sites.google.com/site/blueroofmusichttp://sites.google.com/site/highnorthinc
mailto:blueroofmusic at gmail.com
Winter 579 Park Place Saline, MI 48176 734-944-0094
Summer PO Box 221 Grand Marais, MI 49839 906-494-2434
On Wed, Nov 16, 2011 at 10:47 AM, Michael Sweet <msweet at apple.com> wrote:
> Pete,
>> If we make this change, then what is the difference between
> original-requesting-user-name and job-originating-user-name?
>> Section 10.8.4 (re)defines job-originating-user-name as the authenticated
> original user and whose value is supposed to be forwarded by each client
> unchanged... (something I am not 100% happy with since there is no
> provision for it in an IPP job submission)
>> Seems like the original intent was for original-requesting-user-name to be
> the unauthenticated value.
>> (and now I go off to add some text for this to JPS3 for
> job-originating-user-uri...)
>> On Nov 16, 2011, at 3:17 AM, Zehler, Peter wrote:
>> Please substitute “section 10.8.3 of rfc3998” for “section 10.8.8 of
> rfc3998” below.****
> ** **
> ** **
> ** **
> Peter Zehler
>> Xerox Research Center Webster
> Email: Peter.Zehler at Xerox.com> Voice: (585) 265-8755
> FAX: (585) 265-7441
> US Mail: Peter Zehler
> Xerox Corp.
> 800 Phillips Rd.
> M/S 128-25E
> Webster NY, 14580-9701****
> ** **
> *From:* ipp-bounces at pwg.org [mailto:ipp-bounces at pwg.org] *On Behalf Of *Zehler,
> Peter
> *Sent:* Wednesday, November 16, 2011 6:13 AM
> *To:* IPP at pwg.org> *Subject:* [IPP] Proposed errata for rfc3998****
> ** **
> All,****
> ** **
>> Section 10.8.2 covering “original-requesting-user-name” is a bit misleading. The issue is that the Job owner is not always the same as the “requesting-user-name”. When forwarding jobs from one printer to another the “original-requesting-user-name” is the most authenticated printable name that can be obtained. As stated in section 10.8.8 of rfc3998: “The "job-originating-user-name" Job Description attribute (see [RFC2911], section 4.3.6) remains as the authenticated original user”. This is inconsistent with section 10.8.2 as currently written. Below is my proposed change to section 10.8.2.****
>> ** **
> Original:****
> 10.8.2. original-requesting-user-name (name(MAX)) Operation and Job****
> Description Attribute****
> ** **
> The operation attribute containing the user name of the original****
> user; i.e., corresponding to the "requesting-user-name" operation****
> attribute (see [RFC2911], section 3.2.1.1) that the original client****
> supplied to the first Printer object. The Printer copies the****
> "original-requesting-user-name" operation attribute to the****
> corresponding Job Description attribute.****
> ** **
> Corrected:****
> 10.8.2. original-requesting-user-name (name(MAX)) Operation and Job****
> Description Attribute****
> ** **
> The operation attribute containing the user name of the original****
> user; i.e., corresponding to the "job-originating-user-name" Job****
> attribute (see [RFC2911], section 4.3.6) that identifies the Job****
> owner on the first Printer object. The Printer copies the****
> "original-requesting-user-name" operation attribute to the****
> corresponding Job Description attribute.****
> ** **
> ** **
> Peter Zehler
>> Xerox Research Center Webster
> Email: Peter.Zehler at Xerox.com> Voice: (585) 265-8755
> FAX: (585) 265-7441
> US Mail: Peter Zehler
> Xerox Corp.
> 800 Phillips Rd.
> M/S 128-25E
> Webster NY, 14580-9701****
> ** **
>> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.****
>> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean. _______________________________________________
> ipp mailing list
>ipp at pwg.org>https://www.pwg.org/mailman/listinfo/ipp>>> ________________________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
>>>>>>> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
>> _______________________________________________
> ipp mailing list
>ipp at pwg.org>https://www.pwg.org/mailman/listinfo/ipp>>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20111116/07565237/attachment-0001.html>