OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-rx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: [ws-rx] Updated proposal for (as yet) unumbered issue: Need fault to indicate that security constraints have been violated

Security Processor can only perform basic security checks. That is, verifying the signature(s) over some parts of the message without any knowledge of what was actually signed on a sematic level. Assuming that this basic verification worked fine, but the token used to sign the CS message does not match the one contained in the CS message, who is going to determine this type of violation?
 
- Martin

From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com]
Sent: Montag, 31. Juli 2006 06:05
To: Anthony Nadalin
Cc: ws-rx@lists.oasis-open.org
Subject: RE: [ws-rx] Updated proposal for (as yet) unumbered issue: Need fault to indicate that security constraints have been violated

If the RM layer doesn't know about security constraints why did it include a STR in the CreateSequence message? What did the RM layer think it was doing by adding the UseSequenceSTR header to the SOAP envelope?
 
- gp

From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Sunday, July 30, 2006 6:54 PM
To: Gilbert Pilz
Cc: ws-rx@lists.oasis-open.org
Subject: Re: [ws-rx] Updated proposal for (as yet) unumbered issue: Need fault to indicate that security constraints have been violated

RM does not know about any security constraints so I have no idea how RM can throw this, as this would have to come from the security processing or policy processing

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for "Gilbert Pilz" <Gilbert.Pilz@bea.com>"Gilbert Pilz" <Gilbert.Pilz@bea.com>


          "Gilbert Pilz" <Gilbert.Pilz@bea.com>

          07/30/2006 05:48 PM

To
<ws-rx@lists.oasis-open.org>

cc

Subject
[ws-rx] Updated proposal for (as yet) unumbered issue: Need fault to indicate that security constraints have been violated

Attached is an updated proposal for the security fault issue. It is
provided in the form of a change-bar version of wsrm-1.1-spec-wd-15. The
changes are against the 7/28 version of the document (#44 in Kavi's list
of revisions).

There are three additions to the spec. Section 4.10 has been added to
describe the wsrm:SecurityViolation fault. A paragraph has been added to
section 6.1 that describes when the fault may be used. A similar
parapgraph has been added to section 6.2 to describe the possible use of
the fault when protecting a Sequence using SSL/TLS.

- gp
[attachment "wsrm-1.1-spec-wd-15.pdf" deleted by Anthony Nadalin/Austin/IBM]

GIF image

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]