It's all about the answers!

Ask a question

Trusted consumers?


Mark Ingebretson (58515236) | asked Feb 16 '10, 1:38 p.m.
We're trying to understand the RTC-to-RTC integration capabilities of
RTC 2.0.0.2. In the Cross-server communication setup there is this help
text for the Trusted checkbox:

"Trusted consumers will be able to share authorization with other
trusted consumers and users will not be prompted for approval to access
data. It is recommended that external web sites or products are
considered as untrusted."

Say that there's a link from a work item in project 1 that links to a
work item in project 2. Does having "Trusted" checked mean that a user
authorized to project 1 can see info from project 2 without being
authorized to project 2?

Or does the cross-server communication just suppress a login to project
2 if the user exists in both projects?

I'm trying to understand exactly what are the security implications of
selecting Trusted.

3 answers



permanent link
Saqib Niaz (71623) | answered Mar 23 '18, 4:38 a.m.

 I am also interested in this. I don't really understand, what really changes in OAuth authentication if we check this "Trusted" checkbox?


permanent link
Erik anderson (38315029) | answered Mar 17 '11, 12:55 p.m.
I'm interested in this too. Can someone please comment?

permanent link
Mark Ingebretson (58515236) | answered Feb 23 '10, 10:38 a.m.
Does anyone know how the RTC to RTC integration security works?


On 2/16/10 12:33 PM, Mark Ingebretson wrote:
We're trying to understand the RTC-to-RTC integration capabilities of
RTC 2.0.0.2. In the Cross-server communication setup there is this help
text for the Trusted checkbox:

"Trusted consumers will be able to share authorization with other
trusted consumers and users will not be prompted for approval to access
data. It is recommended that external web sites or products are
considered as untrusted."

Say that there's a link from a work item in project 1 that links to a
work item in project 2. Does having "Trusted" checked mean that a user
authorized to project 1 can see info from project 2 without being
authorized to project 2?

Or does the cross-server communication just suppress a login to project
2 if the user exists in both projects?

I'm trying to understand exactly what are the security implications of
selecting Trusted.

Your answer


Register or to post your answer.