[IPP] Proposed errata for rfc3998

[IPP] Proposed errata for rfc3998

Ira McDonald blueroofmusic at gmail.com
Wed Nov 16 17:15:04 UTC 2011 

Hi Mike,

I suggest we either:

(1) "job-originating-user-[name/uri]" applies to the IMMEDIATE upstream
client only (no forwarding behavior) and "originating-requesting-user-name"
name holds the most authenticated original Job owner (the distant guy on
his
cellphone in the Cloud printing scenario) - I think this was the spirit
intended
by RFC 3998 - my preference.

<or>

(2) We leave 3998 alone and say that "originating-requesting-user-name"
is a weak identifier (albeit now enclosed in a TLS tunnel in IPP
Everywhere)
just like "job-name" that's meant to be used for searching and matching in
pools of jobs - not a good idea, because it makes the unverified contents
of
"requesting-user-name" into a sticky Job attribute - a bad precedent IMHO.

Cheers,
- Ira


Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG IPP WG
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - TCG Embedded Systems Hardcopy SG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music/High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto:blueroofmusic at gmail.com
Winter  579 Park Place  Saline, MI  48176  734-944-0094
Summer  PO Box 221  Grand Marais, MI 49839  906-494-2434



On Wed, Nov 16, 2011 at 10:47 AM, Michael Sweet <msweet at apple.com> wrote:

> Pete,
>
> If we make this change, then what is the difference between
> original-requesting-user-name and job-originating-user-name?
>
> Section 10.8.4 (re)defines job-originating-user-name as the authenticated
> original user and whose value is supposed to be forwarded by each client
> unchanged... (something I am not 100% happy with since there is no
> provision for it in an IPP job submission)
>
> Seems like the original intent was for original-requesting-user-name to be
> the unauthenticated value.
>
> (and now I go off to add some text for this to JPS3 for
> job-originating-user-uri...)
>
> On Nov 16, 2011, at 3:17 AM, Zehler, Peter wrote:
>
> Please substitute “section 10.8.3 of rfc3998” for “section 10.8.8 of
> rfc3998” below.****
> ** **
> ** **
> ** **
> Peter Zehler
>
> Xerox Research Center Webster
> Email: Peter.Zehler at Xerox.com
> Voice: (585) 265-8755
> FAX: (585) 265-7441
> US Mail: Peter Zehler
> Xerox Corp.
> 800 Phillips Rd.
> M/S 128-25E
> Webster NY, 14580-9701****
> ** **
> *From:* ipp-bounces at pwg.org [mailto:ipp-bounces at pwg.org] *On Behalf Of *Zehler,
> Peter
> *Sent:* Wednesday, November 16, 2011 6:13 AM
> *To:* IPP at pwg.org
> *Subject:* [IPP] Proposed errata for rfc3998****
> ** **
> All,****
> ** **
>
> Section 10.8.2 covering “original-requesting-user-name” is a bit misleading.  The issue is that the Job owner is not always the same as the  “requesting-user-name”.   When forwarding jobs from one printer to another the “original-requesting-user-name” is the most authenticated printable name that can be obtained.  As stated in section 10.8.8 of rfc3998:  “The "job-originating-user-name" Job Description attribute (see [RFC2911], section 4.3.6) remains as the authenticated original user”.  This is inconsistent with section 10.8.2 as currently written.  Below is my proposed change to section 10.8.2.****
>
> ** **
> Original:****
> 10.8.2.  original-requesting-user-name (name(MAX)) Operation and Job****
>         Description Attribute****
> ** **
>    The operation attribute containing the user name of the original****
>    user; i.e., corresponding to the "requesting-user-name" operation****
>    attribute (see [RFC2911], section 3.2.1.1) that the original client****
>    supplied to the first Printer object.  The Printer copies the****
>    "original-requesting-user-name" operation attribute to the****
>    corresponding Job Description attribute.****
> ** **
> Corrected:****
> 10.8.2.  original-requesting-user-name (name(MAX)) Operation and Job****
>         Description Attribute****
> ** **
>    The operation attribute containing the user name of the original****
>    user; i.e., corresponding to the "job-originating-user-name" Job****
>    attribute (see [RFC2911], section 4.3.6) that identifies the Job****
>    owner on the first Printer object.  The Printer copies the****
>    "original-requesting-user-name" operation attribute to the****
>    corresponding Job Description attribute.****
> ** **
> ** **
> Peter Zehler
>
> Xerox Research Center Webster
> Email: Peter.Zehler at Xerox.com
> Voice: (585) 265-8755
> FAX: (585) 265-7441
> US Mail: Peter Zehler
> Xerox Corp.
> 800 Phillips Rd.
> M/S 128-25E
> Webster NY, 14580-9701****
> ** **
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.****
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean. _______________________________________________
> ipp mailing list
> ipp at pwg.org
> https://www.pwg.org/mailman/listinfo/ipp
>
>
> ________________________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
>
>
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
>
> _______________________________________________
> ipp mailing list
> ipp at pwg.org
> https://www.pwg.org/mailman/listinfo/ipp
>
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20111116/07565237/attachment-0001.html>

More information about the ipp mailing list