RE: [ws-rx] : clarify difference between "sequence" and "non-sequence" faults

["Gilbert Pilz" <Gilbert.Pilz@bea.com>]

You forgot to mention WSRMRequired; it, also, is not related to a specific Sequence.

 

I think the distinction between sequence related and non-sequence related faults is an important one. If you are worried about Sequence hijacking (as I know we all are) the RMS or RMD needs to perform a check on all sequence related faults to make sure that whoever issued the fault is, in fact, authorized to do so for that Sequence. Although there are some interesting attacks that can be carried out with non-sequence related faults, you can't defend against them based on knowledge of the Sequence to which they apply (because they don't).

 

- gp

---

From: Doug Davis [mailto:dug@us.ibm.com]
Sent: Wednesday, March 01, 2006 1:08 PM
To: Gilbert Pilz
Subject: Re: [ws-rx] NEW ISSUE: clarify difference between "sequence" and "non-sequence" faults

Not sure we want to make this an issue.  Originally that sentence was talking about the CreateSequence operation.  I have a fix for this to add back in the appropriate text stating so I think that would make this issue go away.

Faults for the CreateSequence message exchange are treated as defined in WS-Addressing. CreateSequenceRefused is a possible fault reply for this operation. UnknownSequence is a fault generated by endpoints when messages carrying RM header blocks targeted at unrecognized or terminated sequences are detected, these faults are also treated as defined in WS-Addressing.

-Doug

"Gilbert Pilz" <Gilbert.Pilz@bea.com>

03/01/2006 03:39 PM

To	<ws-rx@lists.oasis-open.org>
cc
Subject	[ws-rx] NEW ISSUE: clarify difference between "sequence" and "non-sequence" faults

Title:  Clarify difference between "sequence related" and "non-sequence related" faults.
 
Description: The second paragraph of Section 4 (lines 659-665 of http://www.oasis-open.org/committees/download.php/16851/wsrm-1.1-spec-wd-10.pdf) appears somewhat garbled. For example it states "CreateSequenceRefused is a possible fault reply for this operation" without any indication of what "this operation" refers to.
 
Justification: The difference between faults that are related to a specific sequence and those that are not is an important one that needs to be clarified.
 
Target: wsrm
 
Type: editorial
 
Proposal: TBD
 
Related Issues: none
_______________________________________________________________________
Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual
or entity named in this message. If you are not the intended recipient,
and have received this message in error, please immediately return this
by email and then delete it.

_______________________________________________________________________
Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual
or entity named in this message. If you are not the intended recipient,
and have received this message in error, please immediately return this
by email and then delete it.