[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (AMQP-137) Guidance should be given on associating the container identity to a security context
Rob Godfrey created AMQP-137:
--------------------------------
Summary: Guidance should be given on associating the container identity to a security context
Key: AMQP-137
URL: https://issues.oasis-open.org/browse/AMQP-137
Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
Issue Type: Improvement
Components: Security
Reporter: Rob Godfrey
(Durable) Link identity is defined in terms of the tuple (source container id, target container id, name). As such if a connection is created to remote container C identifying itself as (local) container L, then that connection can recover (or steal) any durable links between L and R.
As such it is important that container identities are somehow tied to a security context. Each side in connection establishment should have some mechanism for verifying that their remote peer has the authority to claim the container-id they are presenting.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]