Continuations are modelled as action-entities, which can be used either for continuation purposes only or as dual-purpose entities — both as a continuation and as an action that a user can invoke explicitly. Due to this latter fact, the use of CanExecute security tokens is important. However, in the continuation use case, the process of authorisation happens outside of the security scope for the main entity that instigated the continuation. This results in increased overhead for managing security tokens for action-entities that are also used as continuations, in order to sync them with security tokens for the main entities from which continuations are invoked.
In order to improve this situation without any impact on security, it should be sufficient to process continuations without CanExecute verification, because instigation of a continuation can only occur in an authorised security scope.
Expected outcome
Ability to use action-entities as both actions and continuations with enforced authorisation for their CanExecute tokens when executing actions, and without such enforcement when executing continuations. Ultimately, this should both simplify management of security tokens by application administrators and improve security by avoiding situations where developers skipped creating CanExecute tokens for continuations that later got used as actions.
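A sketch of the behaviour requested above, added here as an illustration and not taken from the platform's code base. The class names, the `_CanSave` token suffix, and the entity and user names are hypothetical; only the CanExecute token comes from the description. The continuation path skips the CanExecute check but demands a scope object that is only created after the main entity's own token has been verified.

```python
class AccessDenied(Exception):
    pass

class Authoriser:
    def __init__(self, grants):
        self.grants = grants  # constructed sample data: user -> set of token names

    def check(self, user, token):
        if token not in self.grants.get(user, set()):
            raise AccessDenied(f"{user} lacks {token}")

class AuthorisedScope:
    """Evidence that the main entity's token was verified for this user."""
    _key = object()  # held by the executor; a convention here, not a hard barrier in Python

    def __init__(self, key, user, origin):
        if key is not AuthorisedScope._key:
            raise AccessDenied("scope can only be opened by the executor")
        self.user, self.origin = user, origin

class Executor:
    def __init__(self, authoriser):
        self.auth = authoriser
        self.audit = []  # (user, action-entity, how it was invoked)

    def execute_action(self, user, action):
        # Explicit invocation by a user: CanExecute is always enforced.
        self.auth.check(user, f"{action}_CanExecute")
        self.audit.append((user, action, "action"))
        return f"{action} executed"

    def save_main(self, user, entity, continuation):
        # The main entity is authorised first (hypothetical CanSave token),
        # then the continuation is instigated inside that authorised scope.
        self.auth.check(user, f"{entity}_CanSave")
        scope = AuthorisedScope(AuthorisedScope._key, user, entity)
        return self.execute_continuation(scope, continuation)

    def execute_continuation(self, scope, action):
        # No CanExecute check, but the caller must present an authorised scope.
        if not isinstance(scope, AuthorisedScope):
            raise AccessDenied("continuation requires an authorised scope")
        self.audit.append((scope.user, action, f"continuation of {scope.origin}"))
        return f"{action} executed"
```

Recording the originating entity in the audit entry keeps continuation runs distinguishable from explicit action runs when reviewing who executed what.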