[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: 7.7.2 Security Processing Errors - Question
I am wondering if we should add one or more error codes to the Security Processing Errors table. Right now there is only EBMS:0101 - FailedAuthentication. Should we also add EBMS:0102 - FailedDecryption? Code: EBMS:0102 Short Desc: FailedDecryption Severity: failure Category: Processing Description: The encrypted data reference the SecurityHeader intended to the ebMS SOAP actor could not be decrypted by the Security Module. Also, I am wondering what a MSH should do when a message is received that does not meet the minimal security policy of the MSH (or Agreement in force). I could see a MSH returning EBMS:0010 - ProcessingModeMismatch when an unsigned message is received and the P-Mode requires a signature. What about the case when a MSH receives a message that is signed, but the signature does not cover the entire Messaging element? Or only the header is signed, and the data is not signed. We should define the behavior of the receiving MSH when a message is received that does not quite meet the minimal signature or encryption policies enforce for that message. We could state that EBMS:0101 and EBMS:0102 errors could be returned. Or we could create new error code(s) for this case. Let me know your thoughts. I would like to see this questions addressed in the next draft. Thanks, Ric
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]