[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [wsrp-wsia] [change request #40] Is Consumer-Producer communicationsecure?
Document: Spec & wsdl Section: 6.1.2 Page/Line: 30/27 Requestedby: Michael Freedman Old text: Proposed text: add a secureConsumerCommunication boolean field Reasoning: How does a Producer determine they were called via a secure channel? I.e. does JAX-RPC and other webstacks provide the equivalent of an isSecure() call or do we have to pass this information? [Eric VanLydegraf] This is always a problematic area, the security infrastructure should provide the security context, aka the transport is the only one that really knows, having anybody state the security setting is unverifiable information which defeats itself as far as security is concerned. The isSecure() is a good example of the infrastructure providing the information, as it does know exactly how the request was received. The web stacks will have to do the same thing or some other network or sofware infrastructure will have to enfoce the security requirements, because by the time the SOAP endpoint hands off the request it is too late.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC