[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (AMQP-119) Deleting tokens
[ https://issues.oasis-open.org/browse/AMQP-119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66058#comment-66058 ]
Rob Godfrey commented on AMQP-119:
----------------------------------
(from Clemens Vasters via e-mail)
The resource really is a token cache scoped to the connection and managed by the client. Expired tokens just go away. Delete on an empty named "slot" is a NOP.
The interactions with it happen under three circumstances:
a) put-token/delete-token calls
b) token acquisition at link creation
c) token reacquisiton as a link's token expires
You can replace or delete a token from that cache without affecting existing links.
Yanking a link from a client because of a server-side security concerns is a management operation on the broker that is orthogonal to this. It may refer to a/some claim(s) in the token, obviously.
> Deleting tokens
> ---------------
>
> Key: AMQP-119
> URL: https://issues.oasis-open.org/browse/AMQP-119
> Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
> Issue Type: Bug
> Components: Claims Based Security
> Affects Versions: cbs-WD03
> Reporter: Rob Godfrey
>
> What happens to a token which has expired - is it necessary to explicitly delete it, or will it be automatically removed.
> Is it an error to delete a token which is no longer present? If so what is the error that should be expected? Are there any other "expected" errors (e.g. would it potentially be an error to remove a token which is currently "in use" - e.g. is required to prove the client has the authority to establish a link which is currently established)?
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]