[Authentication] Problem: Multiple sessions per application
Stef Walter
stef-list at memberwebs.com
Tue Aug 18 21:07:22 PDT 2009
Michael Leupold wrote:
> I'm perfectly fine with that. But I guess then the locking/unlocking
stuff
> should be moved to session as well (so it can be associated with a session),
> specifically:
> - Service.BeginAuthenticate
> - Service.CompleteAuthenticate
> - Service.Authenticated
I think the unlocking stuff is envisioned as per application (or DBus
peer rather), not per session. Especially if multiple sessions are
present for a single application.
Obviously, in many cases unlocking occurs for the entire desktop at
once. That is, the user unlocks a collection and it becomes unlocked for
any application. This is up to the service to decide, and in many cases
the choice of the 'scope' of the unlock could be exposed to the user in
some way. That is:
[x] Unlock the collection for this application.
[x] Unlock for any application.
>
> If that stays in Service I don't see a way to keep track of what's
unlocked
> per session.
FWIW, an client application should never try and be smart and keep track
of what is unlocked. Every time it does a search, it should be ready for
locked items/collections. This is because at any point in time that were
unlocked. A service implementation could do this (and in many cases
should do this) on events like:
* The user via a UI of some sort.
* Hibernate of sleeping of a laptop.
* An idle timeout.
* Locking the desktop.
Or am I missing something?
Cheers,
Stef
More information about the Authentication
mailing list