[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: New Issue: remove dependency on WS-Security
Title: Remove dependency on WS-Security Description: The current draft of the WS-ReliableMessaging specification includes elements that are defined in WS-Security. This dependency is unnecessary and creates a number of problems for WS-RM implementations and the organizations that provide such implementations. It should therefore be removed. Justification: Lines 502-508 of WS-ReliableMessaging-v1.0-wd-01 describes the inclusion of a <wsse:SecurityTokenReference> as a sub-element of the <wsrm:CreateSequence> element. The reason for including a SecurityTokenReference in the sequence creation request is to provide the information necessary to perform authorization checks upon the messages within the sequence. Such authorization checks are unnecessary as they only serve to defend against a denial-of-service attack (spoofed sequence identifiers) that can be better defended against by proper protection of the sequence identifier. In addition to this there are a large number of denial of service attacks that are not blocked by these authorization checks. If vendors that provide implementations of WS-RM are required to support the use of the SecurityTokenReference during sequence creation in order to be deemed "compliant" (as the current interopability scenarios indicate), then such vendors must supply an implementation of WS-Security along with their implementation of WS-ReliableMessaging. This despite the fact that 99% of their customers may not be interested in using anything more complicated than SSL to protect their web services traffic. Although the use of the SecurityTokenReference element is described as optional, the decision on whether or not to use this option lies with the RM Source. Since there is no RM-Policy Assertion that indicates whether or not the RM Destination can accept the use of this option, negotiating the use of this option requires manual, out of band communications between the operators of the two systems. This impacts the usability of the systems that use WS-RM. Related Issues: i007 Origin: Gilbert Pilz Owner: Gilbert Pilz Proposal: * Delete lines 458-461 of WS-ReliableMessaging-v1.0-wd-01 * Delete lines 502-508 of WS-ReliableMessaging-v1.0-wd-01
<issue id="i000" status="unassigned" edstatus="unassigned">
<title>Remove dependency on WS-Security</title>
<description>The current draft of the WS-ReliableMessaging specification includes elements that are defined in WS-Security. This dependency is unnecessary and creates a number of problems for WS-RM implementations and the organizations that provide such implementations. It should therefore be removed.</description>
<target>core</target>
<type>design</type>
<origin href="">Gilbert Pilz</origin>
<owner href="mailto:gilbert.pilz@bea.com";>Gilbert Pilz</owner>
<justification>
<h:p>Lines 502-508 of WS-ReliableMessaging-v1.0-wd-01 describes the inclusion of a <wsse:SecurityTokenReference> as a sub-element of the <wsrm:CreateSequence> element. The reason for including a SecurityTokenReference in the sequence creation request is to provide the information necessary to perform authorization checks upon the messages within the sequence. Such authorization checks are unnecessary as they only serve to defend against a denial-of-service attack (spoofed sequence identifiers) that can be better defended against by proper protection of the sequence identifier. In addition to this there are a large number of denial of service attacks that are not blocked by these authorization checks.</h:p>
<h:p>If vendors that provide implementations of WS-RM are required to support the use of the SecurityTokenReference during sequence creation in order to be deemed compliant (as the current interopability scenarios indicate), then such vendors must supply an implementation of WS-Security along with their implementation of WS-ReliableMessaging. This despite the fact that 99% of their customers may not be interested in using anything more complicated than SSL/TLS to protect their web services traffic.</h:p>
<h:p>Although the use of the SecurityTokenReference element is described as optional, the decision on whether or not to use this option lies with the RM Source. Since there is no RM-Policy Assertion that indicates whether or not the RM Destination can accept the use of this option, negotiating the use of this option requires manual, out of band communications between the operators of the two systems. This impacts the usability of the systems that use WS-RM.
</h:p>
</justification>
<proposal date="2005-08-17">
<h:ul>
<h:li>
<h:p>Delete lines 458-461 of WS-ReliableMessaging-v1.0-wd-01</h:p>
</h:li>
<h:li>
<h:p>Delete lines 502-508 of WS-ReliableMessaging-v1.0-wd-01</h:p>
</h:li>
</h:ul>
</proposal>
<!-- resolution date="">[markup]</resolution -->
</issue>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]