Re: OFBIZ-10307: Navigate from a domain to another with automated signed in authentication

Mon, 20 Aug 2018 00:28:39 -0700 

Le 19/08/2018 à 20:25, Taher Alkhateeb a écrit :

Wow, so after having a long, long email (as usual) talking about how
good the work is and you deployed for a client (my god!), now you
reverted because of a fundamental flaw pointed out by Scott.

I did not revert, it was not committed. I updated my patch and it was really a 
small change.
Initially I already planned to not use the client side to grab the loginId with OFBIZ-10206. But forgot about it because I stumbled upon many other issues since. 
This work was challenging at many levels, believe me. I'll not drop it without 
really good arguments!


And now you want to apply lazy consensus despite my objections and the
obvious flaw which you acknowledged. This makes me skeptical of the
entire approach and the quality of the code in question. I would
prefer if you halt all work and study what you're doing instead of
falling into more mistakes.

Again, please give me good *technical* arguments. My work works and is safe, 
prove the contrary.


I'm also distressed with your phrase "Without negative comments well
argumented I'll commit both". In other words if you can't convince me
i'm pushing this code, why, because I want to. That's not how
community works.

Keep calm, you can still prevent me to commit if  you give me good argument as 
Scoot did.
And if you can't find them now you will still be able to veto if you find some 
later.
And again as explained at https://www.apache.org/foundation/voting.html#Veto 
you need arguments:

   /To prevent vetos from being used capriciously, they must be accompanied by 
a technical justification showing why the change is bad (opens a
   security exposure, negatively affects performance, //etc.//). A veto without 
a justification is invalid and has no weight./

Remember this is only trunk and will not be released before at least 1 year and 
most possibly 2, you have plenty of time.

I'm all ears

Jacques


On Sun, Aug 19, 2018 at 3:29 PM Jacques Le Roux
<jacques.le.r...@les7arts.com> wrote:

ôOps missed some words...

Le 19/08/2018 à 12:33, Jacques Le Roux a écrit :

I simply send a JWT token: https://en.wikipedia.org/wiki/JSON_Web_Token and 
https://jwt.io/ to

allow an user to connect to another OFBiz instance (using same version than 
source) on another server (target) on another domain w/o signing in.

Jacques

Reply via email to