amqp message


Subject: [OASIS Issue Tracker] (AMQP-105) AMQPCBS: Indicating that multiple challenge-responses are required to transmit token set


     [ https://issues.oasis-open.org/browse/AMQP-105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Raymor updated AMQP-105:
------------------------------

    Proposal: 
Based on the 5/5/17 TC call, there was agreement to:

1. Use NUL NUL to signal that the response contains the final token
2. To allow optional validation - but fast-fail on the first validation error

> AMQPCBS: Indicating that multiple challenge-responses are required to transmit token set
> ----------------------------------------------------------------------------------------
>
>                 Key: AMQP-105
>                 URL: https://issues.oasis-open.org/browse/AMQP-105
>             Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
>          Issue Type: Improvement
>          Components: Claims Based Security
>    Affects Versions: cbs-WD03
>            Reporter: Brian Raymor
>            Assignee: Brian Raymor
>             Fix For: cbs-WD04
>
>
> If the token set exceeds the frame size for sasl-init, then additional sasl-challenge and sasl-response pairs are required to send the remaining tokens.
> Multiple approaches are possible. WD3 uses a simple strawman to encourage discussion. When the server has received all the tokens based on the token count, it stops sending sasl-challenge and sends a sasl-outcome.
> Other options include:
> • The equivalent of the transfer more field is added to the response data:
>     RESPONSE = TOKEN-COUNT 1*TOKEN MORE
>   to indicate whether additional sasl-challenge and sasl-response frames are required to complete the exchange.
> • A "magic" value like NUL NUL could follow the last token and signal completion.
> • The server always sends an "empty" sasl-challenge and the client responds with an "empty" sasl-response when the exchange is complete. This is especially inefficient if all the tokens are sent in the sasl-init.



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
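
A server-side sketch of the agreed behaviour (NUL NUL marks the payload carrying the final token; optional validation fails fast), added here as an example and not taken from the message or the CBS draft. The token framing is an assumption: each token is a NUL-terminated byte string that is never split across frames, and the names `TokenReceiver`, `feed`, `validate` and `max_frames` are hypothetical.

```python
END = b"\x00\x00"  # completion marker from the proposal: NUL NUL after the last token

class TokenExchangeError(Exception):
    """Abort the exchange; a server would answer with a failed sasl-outcome."""

class TokenReceiver:
    """Collects tokens from the sasl-init payload and any sasl-response payloads."""

    def __init__(self, validate=None, max_frames=8):
        self.validate = validate      # optional per-token check (hypothetical hook)
        self.max_frames = max_frames  # assumed local limit, not from the draft
        self.frames = 0
        self.tokens = []
        self.done = False

    def feed(self, payload: bytes) -> str:
        """Return 'challenge' if more tokens are expected, 'outcome' when complete."""
        if self.done:
            raise TokenExchangeError("payload received after the final token")
        self.frames += 1
        if self.frames > self.max_frames:
            raise TokenExchangeError("too many challenge-response rounds")
        final = payload.endswith(END)
        body = payload[:-1] if final else payload  # strip the extra NUL of the marker
        if not body.endswith(b"\x00"):
            raise TokenExchangeError("last token in payload is not NUL-terminated")
        for token in body[:-1].split(b"\x00"):
            if not token:
                raise TokenExchangeError("empty token, or NUL NUL before end of payload")
            if self.validate is not None and not self.validate(token):
                raise TokenExchangeError("token failed validation")  # fast-fail
            self.tokens.append(token)
        self.done = final
        return "outcome" if final else "challenge"

def demo():
    # Constructed payloads: two tokens in sasl-init, the final one in a sasl-response.
    rx = TokenReceiver(validate=lambda t: t.startswith(b"tok-"))
    steps = [rx.feed(b"tok-a\x00tok-b\x00"), rx.feed(b"tok-c\x00\x00")]
    return steps, rx.tokens

if __name__ == "__main__":
    print(demo())
```

Because the marker is in-band, the receiver rejects a NUL NUL that appears before the end of a payload and any payload that arrives after completion, so trailing data cannot ride along unvalidated.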

