IPP - Overhaul

On our radar
IPP is an interesting idea, but in its current form, it does not have any actual "Protection". The problem is, the person who gets the OML can publish it with no interaction from the original author, so nothing is being protected, it is just a hassle to get the OML released to the new server. A much better system would involve a two or three factor authentication with the original OML creator, like emailing them saying, "person XYZ wants to deploy this OML, is that OK?" and *then* sending the new OML to the requester.

Created on 12 Jun 2011
Comments (5)
Why doesn't it have any Protection?

For so far I know you can let OS know which email are able to ipp your oml.

Think it would be nice to have the ability to apply an password to you're oml. Simple and it at you're own risk if you spread the password to someone else.

Evert -

Here's the current IPP flow:

1. Someone obtains the OML
2. They go to the IPP site, upload the OML and provide the activation code of the server they are deploying TO
3. They get an OML that will install on that server

How does that protect the OML from being deployed where it shouldn't be? IT DOESN'T! All it does is force the person to copied your OML to jump through a 30 second process. That's not "protection". Nowhere does the original OML author have the opportunity of denying the IPP request, nowhere does the IPP requester need to provide information (like a password, activation code of the original server, etc.) that they would not have unless they were allowed to have this OML.



That's indeed the IPP :). 

But like I said, for so far I know I can tell OS that my oml may only be ipp'ed by my email. So if someone else has got my oml and want to IPP he get the notification that this is not allowed with his email adress since only my email may use the IPP with that oml. Thinks it's more on activationCode level but that would also do the trick.

Don't know for shure if this is so (OS need to confirm it) but I heard that this was possible.
Evert -

I've never seen IPP restrict what email can work with a file. There's no setting for it in the OML or XIF, there are no settings for it in Service Center, there is nowhere at all to restrict it.

IPP either needs to work RIGHT (such as having the OML know what email addresses IPP is allowed to work with, or requiring a password) or it needs to be removed.


The settings can be better :).

I though you need to contact OS and they apply it for you (still don't know for shure if this is the way).

Having this ability in SC would be a lot better.