

Subject: Re: [amqp] AMQP CBS Status




On Fri, 8 Feb 2019 at 13:09, Clemens Vasters <clemensv@microsoft.com> wrote:

https://www.oasis-open.org/apps/org/workgroup/amqp/document.php?document_id=62097

I've looked through the AMQP CBS spec once again and I'm actually quite happy with it as it stands for the purpose of client authorization at a container, and I propose we start the process of turning it into a committee spec.


It's been a long time since I looked at this... my main question is really whether we need to go into more detail about the form of the tokens. The document says things like "Before the Client establishes a link or sends messages to “q1”, it puts a token with the appropriate claims conferring “send” permission to “q1” on the CBS Node, and verifies its successful disposition. Tokens can be put at any time, and expiring tokens can be replaced at any time." What is "appropriate", how does the client know the form of token required? Moreover we define at least three token types - are we saying that every party must support all three, any one of the three, none at all? How is that information conveyed?

-- Rob

I believe we will then need a further complementary spec for authorization in federation scenarios that answers questions like:


  • How does authorization work for establishing links through intermediaries? Is there a token attached to the link and is that being propagated?
    • At the intermediary?
    • At the ultimate link destination?
  • How does authorization work for message based routing? Is there a token attached to the message?
    • At the intermediary?
    • At the ultimate message destination?
  • How do we attach tokens to AMQP URIs as parameters?


Clemens Vasters

Messaging Platform Architect

Microsoft Azure

+49 151 44063557

clemensv@microsoft.com
European Microsoft Innovation Center GmbH | Gewürzmühlstrasse 11 | 80539 Munich | Germany
Geschäftsführer/General Managers: Keith Dolliver, Benjamin O. Orndorff
Amtsgericht Aachen, HRB 12066




--
_____________________________________________________________________________

Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill

