
Subject: [OASIS Issue Tracker] (AMQP-109) Scope (connection/session) of CBS token

    [ https://issues.oasis-open.org/browse/AMQP-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66051#comment-66051 ] 

Rob Godfrey commented on AMQP-109:

As above, I think it would be a useful addition to allow the optional ability to support session scoped tokens.  (That is, all containers supporting CBS need not support session scoped tokens, but we define a way to a) identify a container which does support such a scoping, and b) define how on such a container we can indicate that the put-token is scoped to the session not the connection).

Note that for connection scoped (the default) this implies that a token with name X put on session 1 of the connection would be replaced if a token with the same name X was subsequently put on a different session of the same connection.  Similarly a token may be deleted on a different session (within the same connection) than that on which it was put.

> Scope (connection/session) of CBS token
> ---------------------------------------
>                 Key: AMQP-109
>                 URL: https://issues.oasis-open.org/browse/AMQP-109
>             Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
>          Issue Type: Improvement
>          Components: Claims Based Security
>    Affects Versions: cbs-WD03
>            Reporter: Rob Godfrey
> I'm not sure that it is made explicit anywhere in the text as to the scope of $cbs - that is, are tokens sent to $cbs valid for the current connection, or only for operations on the session to which the link to $cbs was created.
> I *think* the intent is that the scope is for the entire connection (and clearly for the SASL mechanism the scope MUST be the entire connection since at the time of the SASL exchange there is no notion of sessions).
> One use case for AMQP sessions that has been discussed in the past is that of a "connection concentrator" whereby an AMQP intermediary would take incoming connections and proxy those onto a single connection to a remote server using distinct sessions for each of the sessions on each of the "incoming" connections.  To support such a use case it might be nice to add an option "session-scoped" to the put-token operation to specify that the token is only valid for the current session.  This option would be optional and default to false.

This message was sent by Atlassian JIRA
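
The scoping behaviour discussed in this message, as an added Python model that is not part of the original message or of the CBS draft. `CbsTokenStore`, its method names and the `session_scoped` flag are hypothetical stand-ins for the proposed put-token option, and the token strings are constructed.

```python
class CbsTokenStore:
    """Tokens held by the $cbs node for ONE connection (illustrative model)."""

    def __init__(self):
        self._conn = {}  # name -> token: connection scope (the default)
        self._sess = {}  # (session, name) -> token: proposed session scope

    def put_token(self, session, name, token, session_scoped=False):
        if session_scoped:
            self._sess[(session, name)] = token
        else:
            # A put with the same name on any session replaces the old token.
            self._conn[name] = token

    def delete_token(self, session, name, session_scoped=False):
        if session_scoped:
            key, table = (session, name), self._sess
        else:
            # Any session of the connection may delete a connection-scoped token.
            key, table = name, self._conn
        return table.pop(key, None) is not None

    def usable(self, session):
        """Set of tokens that apply to operations on `session`."""
        own = {t for (s, _), t in self._sess.items() if s == session}
        return set(self._conn.values()) | own


def concentrator(session_scoped):
    """Two proxied clients share one upstream connection, one session each."""
    store = CbsTokenStore()
    store.put_token(1, "X", "token-client-A", session_scoped)  # client A
    store.put_token(2, "X", "token-client-B", session_scoped)  # client B
    after_put = (store.usable(1), store.usable(2))
    store.delete_token(2, "X", session_scoped)  # client B deletes "X"
    after_delete = (store.usable(1), store.usable(2))
    return after_put, after_delete


if __name__ == "__main__":
    for flag in (False, True):
        print("session_scoped =", flag, concentrator(flag))
```

With the default connection scope, client B's put and delete of "X" change what applies on client A's session; with the session-scoped option each proxied client's token stays confined to its own session.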
