attachment-0001

<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Impact;
        panose-1:2 11 8 6 3 9 2 5 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:Geneva;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Monaco;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ira,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I work for Xerox and we build production and enterprise systems.&nbsp; It is within those products that the inconsistency within the rfc3998 was at issue.&nbsp; I am not proposing anything for cloud printing.&nbsp; Although in at least some Cloud Print environments this job forwarding semantics does not apply anyway.&nbsp; The job is never forwarded.&nbsp; The job remains in the cloud and the printer updates the job status there.&nbsp; I see no need to restrict developers from creating insecure unaccountable products.&nbsp; The market will decide. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Pete<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Impact","sans-serif";color:navy'>Peter Zehler</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br><br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:navy'>Xerox Research Center Webster<br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Email: <a href="mailto:Peter.Zehler@Xerox.com">Peter.Zehler@Xerox.com</a></span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Voice: (585) 265-8755</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>FAX: (585) 265-7441</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Webster NY, 14580-9701</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ira McDonald [mailto:blueroofmusic@gmail.com] <br><b>Sent:</b> Wednesday, November 16, 2011 1:58 PM<br><b>To:</b> Zehler, Peter; Ira McDonald<br><b>Cc:</b> Michael Sweet; ipp@pwg.org<br><b>Subject:</b> Re: [IPP] Proposed errata for rfc3998<o:p></o:p></span></p><p class=MsoNormal><o:p>&nbsp;</o:p></p><p class=MsoNormal>Hi Pete,<br><br>That proxy via the same directory service in the same security domain<br>under a TLS tunnel is one thing.<br><br>But how do you propose that it could possibly apply in the case that<br>one or more Cloud providers and and an entirely different target domain<br>all participate to print the original client's job - letting that original client<br>directly cancel jobs on those downstream printers is going to cause real<br>headaches of accounting and security.<br><br>Cheers,<br>- Ira<br><br><br clear=all>Ira McDonald (Musician / Software Architect)<br>Chair - Linux Foundation Open Printing WG<br>Secretary - IEEE-ISTO Printer Working Group<br>Co-Chair - IEEE-ISTO PWG IPP WG<br>Co-Chair - TCG Trusted Mobility Solutions WG<br>Chair - TCG Embedded Systems Hardcopy SG<br>IETF Designated Expert - IPP &amp; Printer MIB<br>Blue Roof Music/High North Inc<br><a href="http://sites.google.com/site/blueroofmusic" target="_blank"><span style='color:#3333FF'>http://sites.google.com/site/blueroofmusic</span></a><br><a href="http://sites.google.com/site/highnorthinc" target="_blank"><span style='color:#6600CC'>http://sites.google.com/site/highnorthinc</span></a><br>mailto:<a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a><br>Winter&nbsp; 579 Park Place&nbsp; Saline, MI&nbsp; 48176&nbsp; 734-944-0094<br>Summer&nbsp; PO Box 221&nbsp; Grand Marais, MI 49839&nbsp; 906-494-2434<o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><br><br><o:p></o:p></p><div><p class=MsoNormal>On Wed, Nov 16, 2011 at 1:38 PM, Zehler, Peter &lt;<a href="mailto:Peter.Zehler@xerox.com">Peter.Zehler@xerox.com</a>&gt; wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Ira,</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Well I guess we just have broken systems here that use the same backend directory service.&nbsp; And does that mean schemes such as OAUTH are broken as well?&nbsp; I&#8217;m not advocating doing strong downstream or passing client secrets along.&nbsp; All that is required in a fan out environment is the child trust the parent.&nbsp; If it is a secure system it certainly won&#8217;t depend on the &#8220;requesting-user-name&#8221; and it will have a special administrative role assigned to the parent printer.&nbsp; The initial printer can authenticate the client.&nbsp; If access is permitted at the target printer then the target printer has to tie into the same authorization domain as the initial printer.</span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Pete</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:navy'>Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br><br></span><span style='font-size:10.0pt;color:navy'>Xerox Research Center Webster<br>Email: <a href="mailto:Peter.Zehler@Xerox.com" target="_blank">Peter.Zehler@Xerox.com</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Voice: <a href="tel:%28585%29%20265-8755" target="_blank">(585) 265-8755</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>FAX: <a href="tel:%28585%29%20265-7441" target="_blank">(585) 265-7441</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Webster NY, 14580-9701</span><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> Ira McDonald [mailto:<a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a>] <br><b>Sent:</b> Wednesday, November 16, 2011 1:08 PM</span><o:p></o:p></p><div><p class=MsoNormal><br><b>To:</b> Michael Sweet; Ira McDonald<o:p></o:p></p></div><p class=MsoNormal><b>Cc:</b> Zehler, Peter; <a href="mailto:ipp@pwg.org" target="_blank">ipp@pwg.org</a><o:p></o:p></p><div><div><p class=MsoNormal><br><b>Subject:</b> Re: [IPP] Proposed errata for rfc3998<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi,<br><br>OK - I'm mostly with Mike here.<br><br>Also, I'm pretty strongly *not* with Bill and Pete - the forwarding Printers<br>OWN the downstream Jobs and have the Job submission and access<br>control and upstream notification receipt rights.<br><br>The original Job owner (on the cellphone) queries the *original* Job at<br>the first Printer (the Cloud Print Service, typically) to see the rolled-up<br>and summarized results of the downstream Job processing.<br><br>Letting the original Job submitter cancel Jobs on way downstream Printers<br>is a severe security violation that breaks any possible scheme of access<br>control.<br><br>Where would the authentication credentials come when the downstream<br>Jobs were created by the intervening Printers.<br><br>Because I assure you that the Printers *cannot* have the private key of the <br>original Job owner and cannot keep doing strong downstream authentication <br>in so-called proxy operations (and the assumption that simple username and<br>password can just be sent forward out-of-band is hopelessly broken).<br><br>Cheers,<br>- Ira<br><br clear=all>Ira McDonald (Musician / Software Architect)<br>Chair - Linux Foundation Open Printing WG<br>Secretary - IEEE-ISTO Printer Working Group<br>Co-Chair - IEEE-ISTO PWG IPP WG<br>Co-Chair - TCG Trusted Mobility Solutions WG<br>Chair - TCG Embedded Systems Hardcopy SG<br>IETF Designated Expert - IPP &amp; Printer MIB<br>Blue Roof Music/High North Inc<br><a href="http://sites.google.com/site/blueroofmusic" target="_blank"><span style='color:#3333FF'>http://sites.google.com/site/blueroofmusic</span></a><br><a href="http://sites.google.com/site/highnorthinc" target="_blank"><span style='color:#6600CC'>http://sites.google.com/site/highnorthinc</span></a><br>mailto:<a href="mailto:blueroofmusic@gmail.com" target="_blank">blueroofmusic@gmail.com</a><br>Winter&nbsp; 579 Park Place&nbsp; Saline, MI&nbsp; 48176&nbsp; <a href="tel:734-944-0094" target="_blank">734-944-0094</a><br>Summer&nbsp; PO Box 221&nbsp; Grand Marais, MI 49839&nbsp; <a href="tel:906-494-2434" target="_blank">906-494-2434</a><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><o:p>&nbsp;</o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Wed, Nov 16, 2011 at 12:55 PM, Michael Sweet &lt;<a href="mailto:msweet@apple.com" target="_blank">msweet@apple.com</a>&gt; wrote:<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Pete,<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>My point about forwarding is that the mechanism for authenticating the original-requesting-user-name and job-originating-user-name values over IPP is undefined. How/why do the child printers implicitly trust everything that is sent to them from the parent printer?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>But again, the current wording makes original-requesting-user-name and job-originating-user-name distinctly different: original-requesting-user-name is the value that was supplied by the client while job-originating-user-name is the most authenticated name. Your proposed change would effectively make them the same, in which case we should:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>1. Remove forwarding of job-originating-user-name entirely,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>2. Delete original-requesting-user-name entirely, or<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>3. Make original-requesting-user-name exclusively an operation attribute and use it to pass the forwarded job-originating-user-name value in the fan-out case (this would, IMHO, be the sanest approach).<o:p></o:p></p></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Nov 16, 2011, at 9:23 AM, Zehler, Peter wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Mike,</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>The semantics are limited to Job forwarding systems of printers (i.e. IPP Fan out and fan in).&nbsp; On the first system the Job&#8217;s &#8220;original-job-requesting-user-name&#8221; and &#8220;job-originating-user-name&#8221; are populated with the same value.&nbsp; Per rfc2911 that value is the most authenticated printable name that it can obtain from the authentication service over which the IPP operation was received. &nbsp;Only if such is not available, does the Printer object use the value supplied by the client in the &quot;requesting-user-name&quot;. &nbsp;On the next hop is where things diverge.&nbsp; The upstream printer uses its own identity&nbsp; in &nbsp;the &#8220;requesting-user-name&#8221; operational attribute.&nbsp; It also passes along the &#8220;original-requesting-user-name&#8221; as an operational attribute.&nbsp; The downstream printer uses the &#8220;requesting-user-name&#8221;, or the identity obtained from a trusted protocol layer, to insure the request is from a configured upstream printer.&nbsp; The downstream printer then copies over the &#8220;original-job-requesting-user-name&#8221; operational attribute to the job object AND to the job object&#8217;s &#8220;job-originating-user-name&#8221;.&nbsp; In other words the child job is owned by the initial submitting user throughout the chain and not by the immediate parent (i.e. IPP Printers).</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Pete</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:navy'>Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br><br></span><span style='font-size:10.0pt;color:navy'>Xerox Research Center Webster<br>Email:&nbsp;<a href="mailto:Peter.Zehler@Xerox.com" target="_blank">Peter.Zehler@Xerox.com</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Voice: <a href="tel:%28585%29%20265-8755" target="_blank">(585) 265-8755</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>FAX: <a href="tel:%28585%29%20265-7441" target="_blank">(585) 265-7441</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Webster NY, 14580-9701</span><o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in;border-width:initial;border-color:initial'><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'>&nbsp;Michael Sweet [mailto:<a href="mailto:msweet@apple.com" target="_blank">msweet@apple.com</a>]&nbsp;<br><b>Sent:</b>&nbsp;Wednesday, November 16, 2011 10:47 AM<br><b>To:</b>&nbsp;Zehler, Peter<br><b>Cc:</b>&nbsp;<a href="mailto:ipp@pwg.org" target="_blank">ipp@pwg.org</a><br><b>Subject:</b>&nbsp;Re: [IPP] Proposed errata for rfc3998</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Pete,<o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If we make this change, then what is the difference between original-requesting-user-name and job-originating-user-name?<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Section 10.8.4 (re)defines job-originating-user-name as the authenticated original user and whose value is supposed to be forwarded by each client unchanged... (something I am not 100% happy with since there is no provision for it in an IPP job submission)<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Seems like the original intent was for original-requesting-user-name to be the unauthenticated value.<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>(and now I go off to add some text for this to JPS3 for job-originating-user-uri...)<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Nov 16, 2011, at 3:17 AM, Zehler, Peter wrote:<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>&nbsp;<o:p></o:p></p></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Please substitute &#8220;</span><span style='color:black'>section 10.8.3 of rfc3998&#8221; for &#8220;section 10.8.8 of rfc3998&#8221; below.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:navy'>Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br><br></span><span style='font-size:10.0pt;color:navy'>Xerox Research Center Webster<br>Email:&nbsp;<a href="mailto:Peter.Zehler@Xerox.com" target="_blank">Peter.Zehler@Xerox.com</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Voice: <a href="tel:%28585%29%20265-8755" target="_blank">(585) 265-8755</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>FAX: <a href="tel:%28585%29%20265-7441" target="_blank">(585) 265-7441</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Webster NY, 14580-9701</span><o:p></o:p></p></div></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div></div><div><div style='border:none;border-top:solid windowtext 3.0pt;padding:3.0pt 0in 0in 0in;border-width:initial;border-color:initial;border-width:initial;border-color:initial'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'>&nbsp;<a href="mailto:ipp-bounces@pwg.org" target="_blank">ipp-bounces@pwg.org</a>&nbsp;<a href="mailto:[mailto:ipp-bounces@pwg.org]" target="_blank">[mailto:ipp-bounces@pwg.org]</a>&nbsp;<b>On Behalf Of&nbsp;</b>Zehler, Peter<br><b>Sent:</b>&nbsp;Wednesday, November 16, 2011 6:13 AM<br><b>To:</b>&nbsp;<a href="mailto:IPP@pwg.org" target="_blank">IPP@pwg.org</a><br><b>Subject:</b>&nbsp;[IPP] Proposed errata for rfc3998</span><o:p></o:p></p></div></div></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:black'>All,</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:black'>&nbsp;</span><o:p></o:p></p></div></div><pre><span style='font-size:12.0pt;color:black'>Section 10.8.2 covering &#8220;original-requesting-user-name&#8221; is a bit misleading.&nbsp; The issue is that the Job owner is not always the same as the &nbsp;&#8220;requesting-user-name&#8221;.&nbsp; &nbsp;When forwarding jobs from one printer to another the &#8220;original-requesting-user-name&#8221; is the most authenticated printable name that can be obtained.&nbsp; As stated in section 10.8.8 of rfc3998: &nbsp;&#8220;The &quot;job-originating-user-name&quot; Job Description attribute (see [RFC2911], section 4.3.6) remains as the authenticated original user&#8221;.&nbsp; This is inconsistent with section 10.8.2 as currently written.&nbsp; Below is my proposed change to section 10.8.2.</span><o:p></o:p></pre><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>Original:</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>10.8.2.&nbsp; original-requesting-user-name (name(MAX)) Operation and Job</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Description Attribute</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; The operation attribute containing the user name of the original</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; user; i.e., corresponding to the &quot;requesting-user-name&quot; operation</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; attribute (see [RFC2911], section 3.2.1.1) that the original client</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; supplied to the first Printer object.&nbsp; The Printer copies the</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; &quot;original-requesting-user-name&quot; operation attribute to the</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; corresponding Job Description attribute.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>Corrected:</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>10.8.2.&nbsp; original-requesting-user-name (name(MAX)) Operation and Job</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Description Attribute</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; The operation attribute containing the user name of the original</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; user; i.e., corresponding to the&nbsp;<span style='background:yellow'>&quot;job-originating-user-name&quot; Job</span></span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black;background:yellow'>&nbsp;&nbsp; attribute (see [RFC2911], section 4.3.6)</span><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;that identifies the&nbsp;<span style='background:yellow'>Job</span></span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black;background:yellow'>&nbsp;&nbsp; owner on</span><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;the first Printer object.&nbsp; The Printer copies the</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; &quot;original-requesting-user-name&quot; operation attribute to the</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Courier New";color:black'>&nbsp;&nbsp; corresponding Job Description attribute.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:navy'>Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br><br></span><span style='font-size:10.0pt;color:navy'>Xerox Research Center Webster<br>Email:&nbsp;</span><span style='font-size:11.0pt'><a href="mailto:Peter.Zehler@Xerox.com" target="_blank"><span style='font-size:10.0pt'>Peter.Zehler@Xerox.com</span></a><span style='color:#1F497D'><br></span></span><span style='font-size:10.0pt;color:navy'>Voice: <a href="tel:%28585%29%20265-8755" target="_blank">(585) 265-8755</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>FAX: <a href="tel:%28585%29%20265-7441" target="_blank">(585) 265-7441</a></span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>US Mail: Peter Zehler</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Xerox Corp.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>800 Phillips Rd.</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>M/S 128-25E</span><span style='font-size:11.0pt;color:#1F497D'><br></span><span style='font-size:10.0pt;color:navy'>Webster NY, 14580-9701</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>&nbsp;</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br>--&nbsp;<br>This message has been scanned for viruses and&nbsp;<br>dangerous content by&nbsp;<a href="http://www.mailscanner.info/" target="_blank"><b>MailScanner</b></a>, and is&nbsp;<br>believed to be clean.<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Geneva","serif"'><br>--&nbsp;<br>This message has been scanned for viruses and&nbsp;<br>dangerous content by&nbsp;<a href="http://www.mailscanner.info/" target="_blank"><b>MailScanner</b></a>, and is&nbsp;<br>believed to be clean. _______________________________________________<br>ipp mailing list<br><a href="mailto:ipp@pwg.org" target="_blank">ipp@pwg.org</a><br><a href="https://www.pwg.org/mailman/listinfo/ipp" target="_blank">https://www.pwg.org/mailman/listinfo/ipp</a></span><o:p></o:p></p></div></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>________________________________________________________________________</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>Michael Sweet, Senior Printing System Engineer, PWG Chair</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>&nbsp;</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Geneva","serif";color:black'>&nbsp;</span><o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>&nbsp;<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div></div></div></div></blockquote></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>________________________________________________________________________</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:13.5pt;font-family:"Monaco","serif";color:black'>Michael Sweet, Senior Printing System Engineer, PWG Chair</span><o:p></o:p></p></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br>-- <br>This message has been scanned for viruses and <br>dangerous content by <a href="http://www.mailscanner.info/" target="_blank"><b>MailScanner</b></a>, and is <br>believed to be clean. <o:p></o:p></p></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><br>_______________________________________________<br>ipp mailing list<br><a href="mailto:ipp@pwg.org" target="_blank">ipp@pwg.org</a><br><a href="https://www.pwg.org/mailman/listinfo/ipp" target="_blank">https://www.pwg.org/mailman/listinfo/ipp</a><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p></div></div></div></div></div><p class=MsoNormal><o:p>&nbsp;</o:p></p></div><br />-- 
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body></html>