Return-Path: Delivered-To: apmail-incubator-esme-dev-archive@minotaur.apache.org Received: (qmail 91767 invoked from network); 1 Oct 2009 03:24:19 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 1 Oct 2009 03:24:19 -0000 Received: (qmail 53448 invoked by uid 500); 1 Oct 2009 03:24:18 -0000 Delivered-To: apmail-incubator-esme-dev-archive@incubator.apache.org Received: (qmail 53400 invoked by uid 500); 1 Oct 2009 03:24:18 -0000 Mailing-List: contact esme-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: esme-dev@incubator.apache.org Delivered-To: mailing list esme-dev@incubator.apache.org Received: (qmail 53388 invoked by uid 99); 1 Oct 2009 03:24:18 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Oct 2009 03:24:18 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of benewu@gmail.com designates 209.85.211.194 as permitted sender) Received: from [209.85.211.194] (HELO mail-yw0-f194.google.com) (209.85.211.194) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Oct 2009 03:24:08 +0000 Received: by ywh32 with SMTP id 32so7120007ywh.14 for ; Wed, 30 Sep 2009 20:23:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=cMRTKuMeCgUug7v0yXmcY40QExvP8ojMb6KULIWUX1w=; b=KWmDFIRi+2Pb5+AyZw3p/RQX0bQqhIT8DAII3hX4SQlanZ5PAKVM6iDQdZ9jhzAPpr uHa2ccE/6AvFmD40dTIIZdbJl7i4nAbEYaffXj+WtPplv09dSQbU/NC9AKrGMoFnlix1 AlhfcQu9KdgYQ/gm6S5A3CkwKplNSZl8lWlwo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=ZJZH/eWkJmPN0EVoo47jwPhwKwZB6+KUEx4SSfV4X/kMvjfLiUOVN69IGJofvvibI6 NJJ6U6oejecS1aSRyivrxEVqt03vi15l8KrYGA00MpTHGvkEtBN1om4T4L8tH3rGmSBN YUHJlgzjlCTUcm0jf0U4cKE34A8UDjY2W/GiE= MIME-Version: 1.0 Received: by 10.101.126.10 with SMTP id d10mr519385ann.147.1254367427620; Wed, 30 Sep 2009 20:23:47 -0700 (PDT) In-Reply-To: References: Date: Thu, 1 Oct 2009 11:23:47 +0800 Message-ID: <4db64d890909302023n56114990s2e6197554e63a0ed@mail.gmail.com> Subject: Re: Deleting user from access pool From: Xuefeng Wu To: esme-dev@incubator.apache.org Content-Type: multipart/alternative; boundary=001636ed6b5df0ee810474d72c58 X-Virus-Checked: Checked by ClamAV on apache.org --001636ed6b5df0ee810474d72c58 Content-Type: text/plain; charset=ISO-8859-1 There're two features:1. delete users from pool; 2. delete pool. There're some argue and my opinion: *when delete users from pool.* We could withdraw all messages from the user, whatever read or unread. *when delete pool. ESME-68* withdraw all messages can create new pool which have the same name as deleted On Wed, Sep 30, 2009 at 3:59 PM, Vassil Dichev wrote: > > Should we allow for a user to be deleted from an access pool? > > > > If yes what happens? Does he no longer have access to the messages in > > the pool - irregardless of whether he wrote them or not? > > It should be possible to delete a user, yes. I think it has been > discussed or specified in the requirements pdf that once a message is > in the user's mailbox, it stays there, so that's how it works now. At > any rate, deleting a message from the mailbox, which the user may have > already seen doesn't offer any more security. A user also doesn't see > messages in his/her mailbox, which were sent before he was added to > the pool. > > The interesting part is what happens if a pool has been removed and > whether it should be possible at all. This could pose a security > problem if an impostor creates a pool with the same name (similar to > what might happen with a deleted user account) > -- Global R&D Center,Shanghai China,Carestream Health, Inc. Tel:(86-21)3852 6101 --001636ed6b5df0ee810474d72c58--