amqp message



Subject: [OASIS Issue Tracker] (AMQP-102) Detailed descriptions for error conditions related to content


Brian Raymor created AMQP-102:
---------------------------------

             Summary: Detailed descriptions for error conditions related to content
                 Key: AMQP-102
                 URL: https://issues.oasis-open.org/browse/AMQP-102
             Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
          Issue Type: Improvement
          Components: Claims Based Security
    Affects Versions: cbs-WD03
            Reporter: Clemens Vasters
            Assignee: Brian Raymor
            Priority: Minor
             Fix For: cbs-WD04


For both put-token and delete-token

For error conditions related to the content of the request, e.g., unsupported token type, malformed request etc., a detailed description SHOULD NOT be provided in the error field, in line with general best practice for security-related protocols.

//

That’s a bit harsh. I think it is worth differentiating between a totally botched request and a token that is structurally sound but isn’t valid for the scope or has expired. That doesn’t substantially lower the security bar, but does reduce support cost.



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
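
The distinction proposed in the comment above, sketched as an added example that is not part of the original message or of the CBS draft: a botched request gets one generic condition with the detail kept in the local log, while an authentic token may be reported as expired or not valid for the scope. The condition names, the `body.signature` token format and the key are constructed for illustration, and reporting expiry or scope only after the signature verifies is an assumption of this sketch.

```python
import base64, hashlib, hmac, json, logging

log = logging.getLogger("cbs-example")
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

# Coarse conditions returned to the peer (hypothetical names, not from the draft).
OK = "ok"
MALFORMED = "malformed-request"
INVALID = "invalid-token"
EXPIRED = "token-expired"
WRONG_SCOPE = "token-not-valid-for-scope"

def _sign(body: str) -> str:
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def make_token(claims: dict) -> str:
    """Build a constructed sample token: base64url(JSON claims) + '.' + HMAC."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"

def put_token(token, audience: str, now: int) -> str:
    """Return a coarse condition; parser and crypto detail stays in the log."""
    # 1. Totally botched request: one generic answer, no parser detail.
    try:
        body, sig = token.split(".")
        raw = base64.urlsafe_b64decode(body.encode())
    except (AttributeError, ValueError) as exc:
        log.warning("put-token rejected as malformed: %r", exc)
        return MALFORMED
    # 2. Not authentic: do not reveal which check failed.
    if not hmac.compare_digest(_sign(body).encode(), sig.encode()):
        log.warning("put-token rejected: signature mismatch")
        return INVALID
    try:
        claims = json.loads(raw)
        exp, aud = claims["exp"], claims["aud"]
    except (ValueError, KeyError, TypeError) as exc:
        log.warning("put-token rejected: bad claims: %r", exc)
        return INVALID
    # 3. Structurally sound and authentic: a specific condition helps the
    #    token holder and tells an unauthenticated peer nothing.
    if exp <= now:
        return EXPIRED
    if aud != audience:
        return WRONG_SCOPE
    return OK
```
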

