[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wsrp-wsia] [change request #40] Is Consumer-Producercommunication secure?
I understand Eric's comment such that we should not add such a flag as it is inherently unverifiable. I agree to this. Best regards Carsten Leue ------- Dr. Carsten Leue Dept.8288, IBM Laboratory Böblingen , Germany Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 Rich Thompson/Watson/I BM@IBMUS To wsrp-wsia@lists.oasis-open.org 01/24/2003 04:28 cc PM Subject [wsrp-wsia] [change request #40] Is Consumer-Producer communication secure? Document: Spec & wsdl Section: 6.1.2 Page/Line: 30/27 Requestedby: Michael Freedman Old text: Proposed text: add a secureConsumerCommunication boolean field Reasoning: How does a Producer determine they were called via a secure channel? I.e. does JAX-RPC and other webstacks provide the equivalent of an isSecure() call or do we have to pass this information? [Eric VanLydegraf] This is always a problematic area, the security infrastructure should provide the security context, aka the transport is the only one that really knows, having anybody state the security setting is unverifiable information which defeats itself as far as security is concerned. The isSecure() is a good example of the infrastructure providing the information, as it does know exactly how the request was received. The web stacks will have to do the same thing or some other network or sofware infrastructure will have to enfoce the security requirements, because by the time the SOAP endpoint hands off the request it is too late. ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC