[IPP] Proposed errata for rfc3998

[IPP] Proposed errata for rfc3998

Zehler, Peter Peter.Zehler at xerox.com
Wed Nov 16 17:51:04 UTC 2011 

Ira,

I suggest:

(1) "requesting-user-name" remains unchanged including the fact that it
may 

be ignored if a trusted value is available.
"job-originating-user-[name/uri]" 

applies to the owner of the job.  In a non-forwarding environment
nothing

changes (i.e. rfc2911).  In forwarding systems (i.e. rfc2998) nothing
changes 

for the initial printer.  The "original-requesting-user-name" is a
plumbing 

element that carries the initial job owner across the forwarding printer
chain.  
"job-originating-user-name" holds the most authenticated original Job
owner 

(the distant guy on his cellphone in the Cloud printing scenario).  The
original

Job owner should be able to list all his jobs on any of the printers in
the chain.

And perform operations on them such as canceling them  - I think this
was 

the spirit intended by RFC 3998.  It aligns 10.8.2 with 10.8.3 and
10.8.4 - my preference.

 

 

 

 

Peter Zehler

Xerox Research Center Webster
Email: Peter.Zehler at Xerox.com
Voice: (585) 265-8755
FAX: (585) 265-7441
US Mail: Peter Zehler
Xerox Corp.
800 Phillips Rd.
M/S 128-25E
Webster NY, 14580-9701 

 

From: Ira McDonald [mailto:blueroofmusic at gmail.com] 
Sent: Wednesday, November 16, 2011 12:15 PM
To: Michael Sweet; Ira McDonald
Cc: Zehler, Peter; ipp at pwg.org
Subject: Re: [IPP] Proposed errata for rfc3998

 

Hi Mike,

I suggest we either:

(1) "job-originating-user-[name/uri]" applies to the IMMEDIATE upstream 
client only (no forwarding behavior) and
"originating-requesting-user-name" 
name holds the most authenticated original Job owner (the distant guy on
his 
cellphone in the Cloud printing scenario) - I think this was the spirit
intended 
by RFC 3998 - my preference.

<or>

(2) We leave 3998 alone and say that "originating-requesting-user-name"
is a weak identifier (albeit now enclosed in a TLS tunnel in IPP
Everywhere) 
just like "job-name" that's meant to be used for searching and matching
in 
pools of jobs - not a good idea, because it makes the unverified
contents of 
"requesting-user-name" into a sticky Job attribute - a bad precedent
IMHO.

Cheers,
- Ira


Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG IPP WG
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - TCG Embedded Systems Hardcopy SG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music/High North Inc
http://sites.google.com/site/blueroofmusic
<http://sites.google.com/site/blueroofmusic> 
http://sites.google.com/site/highnorthinc
<http://sites.google.com/site/highnorthinc> 
mailto:blueroofmusic at gmail.com
Winter  579 Park Place  Saline, MI  48176  734-944-0094
Summer  PO Box 221  Grand Marais, MI 49839  906-494-2434





On Wed, Nov 16, 2011 at 10:47 AM, Michael Sweet <msweet at apple.com>
wrote:

Pete,

 

If we make this change, then what is the difference between
original-requesting-user-name and job-originating-user-name?

 

Section 10.8.4 (re)defines job-originating-user-name as the
authenticated original user and whose value is supposed to be forwarded
by each client unchanged... (something I am not 100% happy with since
there is no provision for it in an IPP job submission)

 

Seems like the original intent was for original-requesting-user-name to
be the unauthenticated value.

 

(and now I go off to add some text for this to JPS3 for
job-originating-user-uri...)

 

On Nov 16, 2011, at 3:17 AM, Zehler, Peter wrote:

 

	Please substitute "section 10.8.3 of rfc3998" for "section
10.8.8 of rfc3998" below.

	 

	 

	 

	Peter Zehler
	
	Xerox Research Center Webster
	Email: Peter.Zehler at Xerox.com
	Voice: (585) 265-8755 <tel:%28585%29%20265-8755> 
	FAX: (585) 265-7441 <tel:%28585%29%20265-7441> 
	US Mail: Peter Zehler
	Xerox Corp.
	800 Phillips Rd.
	M/S 128-25E
	Webster NY, 14580-9701

	 

	From: ipp-bounces at pwg.org [mailto:ipp-bounces at pwg.org] On Behalf
Of Zehler, Peter
	Sent: Wednesday, November 16, 2011 6:13 AM
	To: IPP at pwg.org
	Subject: [IPP] Proposed errata for rfc3998

	 

	All,

	 

	 
	Section 10.8.2 covering "original-requesting-user-name" is a bit
misleading.  The issue is that the Job owner is not always the same as
the  "requesting-user-name".   When forwarding jobs from one printer to
another the "original-requesting-user-name" is the most authenticated
printable name that can be obtained.  As stated in section 10.8.8 of
rfc3998:  "The "job-originating-user-name" Job Description attribute
(see [RFC2911], section 4.3.6) remains as the authenticated original
user".  This is inconsistent with section 10.8.2 as currently written.
Below is my proposed change to section 10.8.2.

	 

	Original:

	10.8.2.  original-requesting-user-name (name(MAX)) Operation and
Job

	        Description Attribute

	 

	   The operation attribute containing the user name of the
original

	   user; i.e., corresponding to the "requesting-user-name"
operation

	   attribute (see [RFC2911], section 3.2.1.1) that the original
client

	   supplied to the first Printer object.  The Printer copies the

	   "original-requesting-user-name" operation attribute to the

	   corresponding Job Description attribute.

	 

	Corrected:

	10.8.2.  original-requesting-user-name (name(MAX)) Operation and
Job

	        Description Attribute

	 

	   The operation attribute containing the user name of the
original

	   user; i.e., corresponding to the "job-originating-user-name"
Job

	   attribute (see [RFC2911], section 4.3.6) that identifies the
Job

	   owner on the first Printer object.  The Printer copies the

	   "original-requesting-user-name" operation attribute to the

	   corresponding Job Description attribute.

	 

	 

	Peter Zehler
	
	Xerox Research Center Webster
	Email: Peter.Zehler at Xerox.com <mailto:Peter.Zehler at Xerox.com> 
	Voice: (585) 265-8755 <tel:%28585%29%20265-8755> 
	FAX: (585) 265-7441 <tel:%28585%29%20265-7441> 
	US Mail: Peter Zehler
	Xerox Corp.
	800 Phillips Rd.
	M/S 128-25E
	Webster NY, 14580-9701

	 

	
	-- 
	This message has been scanned for viruses and 
	dangerous content by MailScanner <http://www.mailscanner.info/>
, and is 
	believed to be clean.

	
	-- 
	This message has been scanned for viruses and 
	dangerous content by MailScanner <http://www.mailscanner.info/>
, and is 

	believed to be clean.
_______________________________________________
	ipp mailing list
	ipp at pwg.org
	https://www.pwg.org/mailman/listinfo/ipp

 

________________________________________________________________________

Michael Sweet, Senior Printing System Engineer, PWG Chair

 

 

 

 


-- 
This message has been scanned for viruses and 
dangerous content by MailScanner <http://www.mailscanner.info/> , and is

believed to be clean. 


_______________________________________________
ipp mailing list
ipp at pwg.org
https://www.pwg.org/mailman/listinfo/ipp

 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20111116/8dbc9fcf/attachment-0001.html>

More information about the ipp mailing list