OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

amqp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Interaction of Anonymous Terminus and CBS

I am going to add a section on the interaction of the anonymous terminus and CBS into the CBS spec, since that turned out to be a puzzle solve in the last couple of weeks for our product group.


The questions are these:


If we allow creating links to the anonymous terminus and routing via the anonymous terminus,

  1. how do the tokens in the CBS cache apply to the routing gesture and
  2. how is creating the link to the anonymous terminus authorized


How we are answering that for ourselves is:

  1. The CBS token cache for the “to” target is formally evaluated each time a message is routed from the anonymous terminus. There’s caching optimization potential here, obviously.
  2. If CBS is being used with no overlaid lower level authN/Z (i.e. SASL ANONYMOUS), we will only permit establishing an anonymous terminus link, if there is at least one valid token present the CBS token cache. The link is permitted to exist for a timespan less or equal to the latest expiry instant present in the CBS token cache. Updating a token with a later expiry will extend the permitted lifespan of the anonymous terminus link.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]