You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cocoon.apache.org by Antonio Gallardo <ag...@agsoftware.dnsalias.com> on 2003/07/15 22:15:23 UTC

Session user management - was Re: [flow] session creation

Hi:

There is another important request for flow. Some people ask for security
reasons (example banking software) to allow people only login from one
computer at once.

There are 2 scenarios:

1- You are logged in computer A, in order to log in computer B you need to
go to computer A and do a logout.

2-You are logged in computer A, if you log in computer B your session in
computer A automatically end.

In order to do this we need access to some global store of open sessions
to check if there is already a session for the given user.

I understand no everybody needs this but this will be soon or later a
request for many of us.

I know we already discused it sometime ago and there was no answer to
this. The only answer was a custom authentication subsystem.

Best Regards,

Antonio Gallardo

Re: Session user management - was Re: [flow] session creation

Posted by Marc Portier <mp...@outerthought.org>.

Antonio Gallardo wrote:
> Hi:
> 
> There is another important request for flow. Some people ask for security
> reasons (example banking software) to allow people only login from one
> computer at once.
> 
> There are 2 scenarios:
> 
> 1- You are logged in computer A, in order to log in computer B you need to
> go to computer A and do a logout.
> 

The nature of the web gives you IMHO little to assume about the 
discipline of any user to be actively logging out (or on a 
technical level: the stability of his browser/OS for that 
matter)... so you'll be hitting session time-out wait periods 
with the first approach?

> 2-You are logged in computer A, if you log in computer B your session in
> computer A automatically end.
> 

Hm, I have to think about 'automatically end', the fact is that 
the client's browser on computer A will still have his session id 
and it will be used in the event of the next click...
The question is what would you want to have going on in that event?

> In order to do this we need access to some global store of open sessions
> to check if there is already a session for the given user.
> 
> I understand no everybody needs this but this will be soon or later a
> request for many of us.
> 

My associating mind might be way off topic here, but I couldn't 
help thinking the following:

there is a number of use cases I started thinking about while 
thinking wild about the generalized flow concept...


the whole idea of generalized flow almost boils down to snapping 
the essence of current flow from the POV of the sitemap:

AFAICS the sitemap sees 2 types of URI's (with respect to flow)

1/ URI's that identify a 'use-case' or 'set-of-interaction-steps' 
or maybe the word is even just: a 'flow' to be _started_ ...

consequence of this starting is that a URI of the second set is 
made available:

2/ URI's that identify one of those dynamically created, 
stateful, server side objects which are able to follow up or 
_continue_ the flow (next steps in the use case)

(the sitemap also has typically different matchers for these two 
kinds, and the subsequent split semantics between @function vs 
@continue on the map:call seem to assert my proposition)



now, when considering access control to URI's I'ld like to make 
the folowing observations:

1/ the world without continuations has left us to believe that 
the control of user -> role -> access -> uri can be mapped in a 
set of static ACL's
(well I might be off scale here, I just haven't ever seen 
anything else applied in my experience)

2/ however the second set of URI's (the dynamic ones) disclose 
the need for an access control that is oriented to 
use-case-instances rather then to use-case-types...


the compelling use cases I saw where the folowing
-1- classic-session-tied: the instance is only accessible from 
requests with the same session-id as the request that 
instantiated the instance

-2- classic-user-tied: the instance is accessible from requests 
with the same user-login (as stored in the session) --> this 
would allow for the same user to continue his interaction on 
computer B even if he started it on computer A (and yes, also 
pick up his interaction from the same computer in the event of a 
crash of his system)

-3- basic-plus-superuser-role: then the instance also becomes 
accessible for any user with super-power role...

above is the use case of help-desk-assisted form fill in (which I 
mentioned before): user X fills in form, needs help, calls to the 
helpdesk of the company providing the service, the helpdesk clerk 
steps in to continue the use case, user X just presses refresh on 
the 'echo and confirm page', thx for the help and agrees by 
submitting the final step


-4- basic-plus-enduser-control: the instance is accessible to the 
user that created it (strategy 2) and the use case itself allows 
him to add allow other users in

this last one would enable something like a chatroom

(which brings us to having locks an synchronizations in the show, 
but that is another lingering wild thought)


-5- yours-here: there must be more, but can't think of any at the 
moment


I do understand that all of this could be totally driven by 
storing the controling meta-data for these effects in the 
back-end itself
(IMHO deciding to do so however pushes these concerns up into the 
business tier, where they don't necessarily belong?)



> I know we already discused it sometime ago and there was no answer to
> this. The only answer was a custom authentication subsystem.
> 

missed that, any pointers to this discussion?

I'ld have to conclude also at this time that managing the access 
control to the 'instance' is indeed under the realm of the use 
case itself,

however, I do believe that there is a high likelyhood of having 
ONE strategy for all use cases in a given application and even 
that there are only a limited set of strategies 
conceivable/useful when considering the set of 'all' applications
(I'm aware of the contradiction between 'limited' and 'all' but I 
guess you know what I'm trying to see)

so while under control of the instance, I would find it logical 
that some delegation pattern would be used.


> Best Regards,
> 
> Antonio Gallardo
> 
> 
> 

Please understand that what is above are to be considered as wild 
thoughts (see Sylvain: not domesticated thoughts)
-- hoping they were not so wild that they couldn't be folowed 
(just ask to clarify on specific spots)
-- there is no other goal then to feed discussion first and 
hopefully ever domesticate these thoughts :-)
-- the long due future of which strategy's will be used and 
maintained will depend on which itches are felt by who IMHO
-- the decission of where/how to solidify the concern in the flow 
is probably subject to that long way future, however the stress 
on design is that the outcome is to be available a lot earlier...

up to us to manage the incremental iterations (and refactorings) 
towards the final goal

(I am nowhere near making a first draft, but hopefuly the 
interaction with other ideas will get us there)

regards,
-marc=
-- 
Marc Portier                            http://outerthought.org/
Outerthought - Open Source, Java & XML Competence Support Center
Read my weblog at              http://radio.weblogs.com/0116284/
mpo@outerthought.org                              mpo@apache.org