OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: 7.7.2 Security Processing Errors - Question

I am wondering if we should add one or more error codes to the Security
Processing Errors table. Right now there is only EBMS:0101 -
FailedAuthentication. Should we also add EBMS:0102 - FailedDecryption?

Code: EBMS:0102
Short Desc: FailedDecryption
Severity: failure
Category: Processing
Description: The encrypted data reference the SecurityHeader intended to the
ebMS SOAP actor could not be decrypted by the Security Module.

Also, I am wondering what a MSH should do when a message is received that
does not meet the minimal security policy of the MSH (or Agreement in
force). I could see a MSH returning EBMS:0010 - ProcessingModeMismatch when
an unsigned message is received and the P-Mode requires a signature. What
about the case when a MSH receives a message that is signed, but the
signature does not cover the entire Messaging element? Or only the header is
signed, and the data is not signed. We should define the behavior of the
receiving MSH when a message is received that does not quite meet the
minimal signature or encryption policies enforce for that message.
We could state that EBMS:0101 and EBMS:0102 errors could be returned. Or we
could create new error code(s) for this case.

Let me know your thoughts. I would like to see this questions addressed in
the next draft.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]