OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

amqp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] (AMQP-104) SASL Outcome: differentiating application-data based on code


    [ https://issues.oasis-open.org/browse/AMQP-104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66578#comment-66578 ] 

Brian Raymor commented on AMQP-104:
-----------------------------------

Just noticed that additional-data cannot be set for validation failures. From AMQP Core 5.3.3.5 SASL Outcome:

The additional-data field carries additional data on successful authentication outcome as specified
by the SASL specification [RFC4422]. If the authentication is unsuccessful, this field is not set.

RFC4422 - https://tools.ietf.org/html/rfc4422#section-3.6 (strangely non-normative):

   The protocol may include an optional additional data field in this
   outcome message.  This field can only include additional data when
   the outcome is successful.


> SASL Outcome: differentiating application-data based on code
> ------------------------------------------------------------
>
>                 Key: AMQP-104
>                 URL: https://issues.oasis-open.org/browse/AMQP-104
>             Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
>          Issue Type: Improvement
>          Components: Claims Based Security
>    Affects Versions: cbs-WD03
>            Reporter: Brian Raymor
>            Assignee: Brian Raymor
>             Fix For: cbs-WD04
>
>
> The current text:
> If the exchange was unsuccessful, the additional-data field in the sasl-outcome frame body contains a list of error message strings for token names which caused the authentication to fail. 
> //
> What about more general failures such as 5 tokens were promised but 4 were transferred?
> Do we want to differentiate the contents of additional-data based on the value of the code field?
> 0 Connection authentication succeeded.
> 1 Connection authentication failed due to an unspecified problem with the supplied credentials.
> 2 Connection authentication failed due to a system error.
> 3 Connection authentication failed due to a system error that is unlikely to be corrected without intervention.
> 4 Connection authentication failed due to a transient system error.



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]