uddi-spec message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [uddi-spec] Change request for discard transfer token API
- From: Andrew Hately <hately@us.ibm.com>
- To: Max Voskob <mvoskob@msi.com.au>
- Date: Thu, 06 Feb 2003 12:29:41 -0600
From our perspective, as an implementor,
the lack of this API was an oversight as it means the only way that a token
can be invalidated is by expiry. This could clearly be frustrating
for any user of this API set who forgets the opaqueToken or the more critical
case is where a party knows that the opaqueToken has been accidentally
seen by an unauthorized party and there is a need to invalidate it/
I would assume that other implementors
of this API set would draw the same conclusion that the lack of this mechanism
to discard tokens was an oversight.
Andrew Hately
IBM Austin
UDDI Development, Emerging Technologies
| Max Voskob <mvoskob@msi.com.au>
02/06/2003 02:19 AM
|
|
To
| uddi-spec@lists.oasis-open.org
|
|
cc
|
|
|
Subject
| Re: [uddi-spec] Change request
for discard transfer token API |
|
Andrew,
I wonder what impact would this change have
on existing implementations of v.3?
Are there any opinions from the vendors?
Cheers,
Max
----- Original Message -----
From: Andrew
Hately
To: uddi-spec@lists.oasis-open.org
Sent: Thursday, February 06, 2003 6:55 PM
Subject: [uddi-spec] Change request for discard
transfer token API
Please review the attached CR-0024. It covers a new API as there
is currently no means in the specification to invalidate a custrody/ownership
transfer token. I view this as an oversight and potential security
issue should a publisher lose track of the opaqueToken, there should
be a means to invalidate the token.
Andrew Hately
IBM Austin
UDDI Development, Emerging Technologies
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC