OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp-wsia message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [wsrp-wsia] [change request #40] Is Consumer-Producer communicationsecure?


Document: Spec & wsdl
Section: 6.1.2
Page/Line: 30/27
Requestedby: Michael Freedman
Old text:
Proposed text: add a secureConsumerCommunication boolean field
Reasoning: How does a Producer determine they were called via a secure 
channel?  I.e. does JAX-RPC and other webstacks provide the equivalent of 
an isSecure() call or do we have to pass this information?
[Eric VanLydegraf] This is always a problematic area, the security 
infrastructure should provide the security context, aka the transport is 
the only one that really knows, having anybody state the security setting 
is unverifiable information which defeats itself as far as security is 
concerned. The isSecure() is a good example of the infrastructure 
providing the information, as it does know exactly how the request was 
received. The web stacks will have to do the same thing or some other 
network or sofware infrastructure will have to enfoce the security 
requirements, because by the time the SOAP endpoint hands off the request 
it is too late.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC