attachment

<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Thanks Ira. I'm still going to write it up in a white paper / technical brief so that I can better outline the use cases, and we can use that to drive our discussion at the Feb. F2F.<div class=""><br class=""><div class="">
Smith<br class=""><br class=""><br class="">

</div>

<br class=""><div><blockquote type="cite" class=""><div class="">On Jan 26, 2017, at 11:14 AM, Ira McDonald <<a href="mailto:blueroofmusic@gmail.com" class="">blueroofmusic@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div dir="ltr" class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class="">Hi,<br class=""><br class=""></div>Smith plans to bring a whitepaper and/or slides on this new operation<br class=""></div>(tentatively to be named Get-User-Printer-Attributes for clarity) to the <br class="">PWG F2F meeting in February.<br class=""></div><br class=""></div>On reflection, I suggest that perhaps we *should* add this operation<br class=""></div>to IPP System Service to enhance IPP Client interworking with IPP <br class="">Printers (job services).<br class=""><br class=""></div><div class="">Mike has convinced me that the operation should look just like the<br class=""></div><div class="">existing Get-Printer-Attributes operation (input/output attributes),<br class=""></div><div class="">but allow the Printer (if so configured) to authenticate the Client's<br class=""></div><div class="">requesting user identity and always require filtering of the response<br class=""></div><div class="">based on the most authenticated requesting user identity.<br class=""><br class=""></div><div class="">Cheers,<br class=""></div><div class="">- Ira<br class=""></div><br class=""></div><div class="gmail_extra"><br clear="all" class=""><div class=""><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class="">Ira McDonald (Musician / Software Architect)<br class="">Co-Chair - TCG Trusted Mobility Solutions WG<br class="">Chair - Linux Foundation Open Printing WG<br class="">Secretary - IEEE-ISTO Printer Working Group<br class="">Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG<br class="">IETF Designated Expert - IPP & Printer MIB<br class="">Blue Roof Music / High North Inc<br class=""><a style="color:rgb(51,51,255)" href="http://sites.google.com/site/blueroofmusic" target="_blank" class="">http://sites.google.com/site/blueroofmusic</a><br class=""><a style="color:rgb(102,0,204)" href="http://sites.google.com/site/highnorthinc" target="_blank" class="">http://sites.google.com/site/highnorthinc</a><br class="">mailto: <a href="mailto:blueroofmusic@gmail.com" target="_blank" class="">blueroofmusic@gmail.com</a><br class="">Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094<br class="">May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434<br class=""><br class=""><div style="display:inline" class=""></div><div style="display:inline" class=""></div><div style="display:inline" class=""></div><div class=""></div><div class=""></div><div class=""></div><div class=""></div></div></div></div></div></div>
<br class=""><div class="gmail_quote">On Sun, Jan 15, 2017 at 10:49 PM, Michael Sweet <span dir="ltr" class=""><<a href="mailto:msweet@apple.com" target="_blank" class="">msweet@apple.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ira,<br class="">
<span class=""><br class="">
> On Jan 15, 2017, at 8:45 PM, Ira McDonald <<a href="mailto:blueroofmusic@gmail.com" class="">blueroofmusic@gmail.com</a>> wrote:<br class="">
><br class="">
> Hi Mike,<br class="">
><br class="">
</span><span class="">> You are suggesting this new Get-User-Printer-Attributes operation<br class="">
> does NOT require authentication and authorization of the Client?<br class="">
<br class="">
</span>No, I am suggesting that this new operation *may* not require Client authentication, depending on the configuration of the Printer, just as Cancel-Job, Cancel-All-Jobs, Cancel-My-Jobs, Create-Job, Get-Job-Attributes, Get-Jobs, Print-Job, Print-URI, Send-Document, Send-URI, and Validate-Job do.<br class="">
<br class="">
FWIW, Get-Printer-Attributes is basically the only operation in IPP/1.1 (RFC 2911/8011) that does not say anything about authentication, the most authenticated identity, authorization rights, or filtering of attributes or values based on the most authenticated identity.  And that makes it impossible to add authentication requirements without breaking a lot of (read: all) Clients.<br class="">
<span class=""><br class="">
> If that's right, what value does this operation offer over the classic<br class="">
> Get-Printer-Attributes (with perhaps an "ipp-features-supported"<br class="">
> tag that says it supports User-based filtering)?<br class="">
<br class="">
</span>It makes it consistent with the Job operations.<br class="">
<span class=""><br class="">
> My reading of original RFC 2911 was that *any* operation could do<br class="">
> filtering based on the requesting user (i.e., Get-Jobs).<br class="">
<br class="">
</span>No, there is discussion of authentication and the most authenticated user/identity, but specific requirements and filtering are discussed in the description of each operation.  In particular, Get-Jobs and Get-Job-Attributes talk about filtering based on security policy, while Get-Printer-Attributes only talks about filtering based on document format (and basically says everyone gets to see the same information).<br class="">
<br class="">
This is arguably a bug in the original IPP specs, but there is nothing we can do to fix Get-Printer-Attributes now.<br class="">
(but there are advantages to having a public/guest "get" operation for discovering what a Printer will require, e.g., "uri-authentication-supported" values...)<br class="">
<div class="HOEnZb"><div class="h5"><br class="">
______________________________<wbr class="">___________________________<br class="">
Michael Sweet, Senior Printing System Engineer<br class="">
<br class="">
</div></div></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></body></html>

Comments are owned by the poster. All other material is Copyright © 2001-2024 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster