Subject: RE: SSL Mutual Authentication and the Message Service Spec
"Perhaps we should lobby the MSG TC to remove the requirement to support basic authentication in the 1.1 spec."

Agreed.

David Fischer
Drummond Group.

-----Original Message-----
From: Arvola Chan [mailto:arvola@tibco.com]
Sent: Thursday, August 23, 2001 11:41 AM
To: ebxml-cppa@lists.oasis-open.org
Cc: ebxml-msg@lists.oasis-open.org
Subject: Re: SSL Mutual Authentication and the Message Service Spec

I took a look at the Communication Protocol Bindings section (Appendix B) in the Message Service Spec. Lines 2843 to 2845 state:

"Both [RFC2246] and [SSL3] require the use of server side digital certificates. In addition client side certificate based authentication is also permitted. ebXML Message Service handlers MUST support hierarchical and peer-to-peer trust models."

Therefore, I think the CPP/A 1.1 spec needs to be fixed to support mutual authentication.

In addition, lines 2823 to 2828 in the Message Service spec state:

"Implementers MAY protect their ebXML Message Service Handlers from unauthorized access through the use of an access control mechanism. The HTTP access authentication process described in "HTTP Authentication: Basic and Digest Access Authentication" [RFC2617] defines the access control mechanisms allowed to protect an ebXML Message Service Handler from unauthorized access. Implementers MAY support all of the access control schemes defined in [RFC2617] however they MUST support the Basic Authentication mechanism, as described in section 2, when Access Control is used."

More changes to the CPP/A spec will be necessary to support Basic Authentication. However, I seriously doubt if basic authentication which sends user name and password in cleartext is suitable for conducting E business transactions. Perhaps we should lobby the MSG TC to remove the requirement to support basic authentication in the 1.1 spec.

-Arvola
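
The concern raised in this thread, that an RFC 2617 Basic credential is readable by anyone who can see the request, shown next to the Digest scheme from the same RFC; this is an added example, not part of the original messages or of the ebXML specifications. The host, path, realm and nonce values are constructed, and the credential pair is the sample from RFC 2617 section 2.

```python
import base64
import hashlib

# Constructed request to a hypothetical Message Service Handler endpoint.
# The credential is the sample pair from RFC 2617 section 2.
CAPTURED = (
    "POST /msh HTTP/1.1\r\n"
    "Host: partner.example\r\n"
    "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n"
    "Content-Type: text/xml\r\n\r\n"
)


def recover_basic(request_text):
    """Return (user, password) from a Basic Authorization header, or None.

    Basic credentials are base64("user:password"): an encoding, not
    encryption, so decoding needs no key or secret.
    """
    for line in request_text.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() == "basic":
            user, _, password = base64.b64decode(token).decode().partition(":")
            return user, password
    return None


def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 request-digest without qop: MD5(HA1:nonce:HA2).

    Only this hash crosses the wire; it is bound to the server's nonce,
    the method and the URI, and the password itself is never sent.
    """
    def md5_hex(text):
        return hashlib.md5(text.encode()).hexdigest()

    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


if __name__ == "__main__":
    print("Recovered from Basic header:", recover_basic(CAPTURED))
    # Realm and nonce below are constructed sample values.
    print("Digest response on the wire:",
          digest_response("Aladdin", "msh", "open sesame", "POST", "/msh", "n-0001"))
```
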