Component/s: Core Spec
This section describes message authorization and states:
"This Pull signal can effect message delivery from MPC "http://msh.example.com/mpc123" only if its credentials match the authorization parameters of at least one P-Mode associated with pulling messages on this MPC"
This raises the following question: if a pulling MSH1 uses credentials that are valid for messages of Pmode P1 but not for messages of Pmode P2, but both P2 and P2 are sent on MSH2 on MPC "http://msh.example.com/mpc123", and if both a P1 message and a P2 message have been submitted to this MPC (and queued for pulling), will the pull request (or a series of repeated pull requests) from MSH1:
(a) return P1 but not P2? In that case the pulling is not a simple "dequeue" but assumes some filtering of messages on an MPC, which is
(b) return P1 and P2? In that case the server MSH2 will return P2 messages to MSH1 that violate its Pmode configuration only because MSH1 is allowed to pull P1 messages.
The simpler option would be to have a one-to-one authorization of pullings MSHs to MPCs, meaning the authorization is on MPC rather than on PMode. This can be viewed as a constraint on PMode configurations.