Trusted consumers?
We're trying to understand the RTC-to-RTC integration capabilities of
RTC 2.0.0.2. In the Cross-server communication setup there is this help
text for the Trusted checkbox:
"Trusted consumers will be able to share authorization with other
trusted consumers and users will not be prompted for approval to access
data. It is recommended that external web sites or products are
considered as untrusted."
Say that there's a link from a work item in project 1 that links to a
work item in project 2. Does having "Trusted" checked mean that a user
authorized to project 1 can see info from project 2 without being
authorized to project 2?
Or does the cross-server communication just suppress a login to project
2 if the user exists in both projects?
I'm trying to understand exactly what are the security implications of
selecting Trusted.
RTC 2.0.0.2. In the Cross-server communication setup there is this help
text for the Trusted checkbox:
"Trusted consumers will be able to share authorization with other
trusted consumers and users will not be prompted for approval to access
data. It is recommended that external web sites or products are
considered as untrusted."
Say that there's a link from a work item in project 1 that links to a
work item in project 2. Does having "Trusted" checked mean that a user
authorized to project 1 can see info from project 2 without being
authorized to project 2?
Or does the cross-server communication just suppress a login to project
2 if the user exists in both projects?
I'm trying to understand exactly what are the security implications of
selecting Trusted.
3 answers
Does anyone know how the RTC to RTC integration security works?
On 2/16/10 12:33 PM, Mark Ingebretson wrote:
On 2/16/10 12:33 PM, Mark Ingebretson wrote:
We're trying to understand the RTC-to-RTC integration capabilities of
RTC 2.0.0.2. In the Cross-server communication setup there is this help
text for the Trusted checkbox:
"Trusted consumers will be able to share authorization with other
trusted consumers and users will not be prompted for approval to access
data. It is recommended that external web sites or products are
considered as untrusted."
Say that there's a link from a work item in project 1 that links to a
work item in project 2. Does having "Trusted" checked mean that a user
authorized to project 1 can see info from project 2 without being
authorized to project 2?
Or does the cross-server communication just suppress a login to project
2 if the user exists in both projects?
I'm trying to understand exactly what are the security implications of
selecting Trusted.