[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (AMQP-105) AMQPCBS: Indicating that multiple challenge-responses are required to transmit token set
Brian Raymor created AMQP-105:
---------------------------------
Summary: AMQPCBS: Indicating that multiple challenge-responses are required to transmit token set
Key: AMQP-105
URL: https://issues.oasis-open.org/browse/AMQP-105
Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
Issue Type: Improvement
Components: Claims Based Security
Affects Versions: cbs-WD03
Reporter: Brian Raymor
Assignee: Brian Raymor
Fix For: cbs-WD04
If the token set exceeds the frame size for sasl-init, then additional sasl-challenge and sasl-response pairs are required to send the remaining tokens.
Multiple approaches are possible. WD3 uses a simple strawman to encourage discussion. When the server has received all the tokens based on the token count, it stops sending sasl-challenge and sends a sasl-outcome.
Other options include:
• The equivalent of the transfer more field is added to the response data:
RESPONSE = TOKEN-COUNT 1*TOKEN MORE
to indicate whether additional sasl-challenge and sasl-response frames are required to complete the exchange.
• A "magic" value like NUL NUL could follow the last token and signal completion.
• The server always sends an "empty" sasl-challenge and the client responds with an "empty" sasl-response when the exchange is complete. This is especially inefficient if all the tokens are sent in the sasl-init.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]