

Subject: [OASIS Issue Tracker] (AMQP-118) Add ability to retrieve tokens currently associated with the connection


Rob Godfrey created AMQP-118:
--------------------------------

             Summary: Add ability to retrieve tokens currently associated with the connection
                 Key: AMQP-118
                 URL: https://issues.oasis-open.org/browse/AMQP-118
             Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
          Issue Type: Improvement
          Components: Claims Based Security
            Reporter: Rob Godfrey


From: https://lists.oasis-open.org/archives/amqp-comment/201704/msg00001.html

Hi there,

I was reading through draft version 3 of the Claims Based Security document.

The draft seems to only cover the case where a client wants to put one or more token(s) to a CBS node that it already has, i.e. the tokens have been issued by some other mechanism to the client already. Since section 4 already describes the usage of TLS and SASL to authenticate the client during connection establishment, I was wondering whether you have considered also allowing the container hosting the CBS node to create a token by itself based on the credentials conveyed to it during the SASL exchange and then make the token available to the client for retrieval, resulting in something like a "get token" operation.

IMHO this would be useful in order to not require the client to connect to another service upfront in order to get a token. Instead, the server could either itself issue a token based on the verified credentials provided by the client or delegate this task to an identity provider it has a trust relationship with.

This way, the client could use the same token for other connections (e.g. to other resource managers of the same overall system).

Does this make any sense?


Best regards

Kai Hudalla
Chief Software Architect


