CandC:PandE Referee Report Form *********************************************** Electronic Transimission to gcf@indiana.edu strongly preferred Referees Home Page: http://aspen.csit.fsu.edu/CandCPandE/ Email gcf@indiana.edu for URL of full paper to be reviewed WILEY Journal Home Page John Wiley and Sons, Ltd. Baffins Lane, Chichester West Sussex, PO19 1UD, England Telephone: (01243) 779777 Fax: (01243) 770379 REFEREE'S REPORT Concurrency and Computation:Practice and Experience ********** A: General Information Please return to: Geoffrey C. Fox Electronically Preferred gcf@indiana.edu Concurrency and Computation: Practice and Experience Computer Science Department 228 Lindley Hall Bloomington Indiana 47405 Office Phone 8128567977(Lab), 8128553788(CS) but best is cell phone 3152546387 FAX 8128567972 Please fill in Summary Conclusions (Sec. C) and details as appropriate in Secs. D, E and F. B: Refereeing Philosophy We encourage a broad range of readers and contributors. Please judge papers on their technical merit and separate comments on this from those on style and approach. Keep in mind the strong practical orientation that we are trying to give the journal. Note that the forms attached provide separate paper for comments that you wish only the editor to see and those that both the editor and author receive. Your identity will of course not be revealed to the author. C: Paper and Referee Metadata Paper Number Cnnn: C557 Date: 09/29/01 Paper Title: Application Portals: Practice and Experience Author(s): Mary Thomas, Maytal Dahan, Kurt Mueller, Steve Mock, Cathie Mills, Ray Regno. Referee: Marlon Pierce Address: 2435 5th Street, WPAFB, OH 45433-7802 Referee Recommendations. Please indicate overall recommendations here, and details in following sections. publish as is accepted provided changes suggested are made reject Accept with suggested changes D: Referee Comments (For Editor Only) ------------------------------------ E: Referee Comments (For Author and Editor) ------------------------------ The paper describes the successful work at SDSC to develop production caliber portals that implement grid services. * In section 2.3, the authors describe the use of cookies in security. Cookies are the standard way to maintain session state between client and server that are using HTTP but are not used specifically for security by servlet engines. * Not necessary but possibly interesting: since the paper deals with practice and experience with application portals, it would be interesting to describe any security problems that have come up while HotPage has been active, how they were dealt with, what steps were taken afterwards (i.e., a portal security lessons learned section). * I recommend a careful rereading to catch some typographical errors. Also, Figure 6 is hard to read. F: Presentation Changes See previous note.