OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Issue Comment Edited: (EBXMLMSG-14) 5.2.2.12 external payloads

    [ http://tools.oasis-open.org/issues/browse/EBXMLMSG-14?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=33985#action_33985 ] 

Pim van der Eijk edited comment on EBXMLMSG-14 at 6/26/13 4:49 PM:
-------------------------------------------------------------------

This may best be done in a separate profile for external payloads:

Other aspects:
-      Any authentication of the external payload identified by an http:// or https:// URI.    For example, the payload may be protected by HTTP authentication.  The configuration (username / password) may be pre-configured, perhaps by PMode parameters.  But it can also be included in the message (as special ebMS properties).
-      If we assume WS-Security support including encryption, then the submitting application cannot simply specify the external URI.  Instead the encrypted external payload will somehow be created by the WS-Security module of the sending MSH.   So the submit() operation is different.  The submitting application or middleware provides content (or a reference to content). The sending MSH processes this content and creates a reference to it,  perhaps on some web server under control of the MSH.  
-     The sending MSH will want to remove such payloads after some time, the time when this is done could be a parameter and it could be yet another property included in the message (just like websites supporting large transfer provide such information in notification emails).
-      Similarly, the deliver() operation will be different.  When the payload is encryption,  the receiving application or middleware should get the decrypted content, and the content validated by the WS-Security module (which may be different from a later download) so the URI of the external payload will be dereferenced before delivery.

Some of the above is functionality in proprietary messaging protocols.

-      Etc.


      was (Author: pvde):
    This may best be done in a separate profile for external payloads:

Other aspects:
-      Any authentication of the external payload identified by an http:// or https:// URI.    For example, the payload may be protected by HTTP authentication.  The configuration (username / password) may be pre-configured, perhaps by PMode parameters.  But it can also be included in the message (as special ebMS properties).
-      If we assume WS-Security support including encryption, then the submitting application cannot simply specify the external URI.  Instead the encrypted external payload will somehow be created by the WS-Security module of the sending MSH.   So the submit() operation is different.  The submitting application or middleware provides content (or a reference to content). The sending MSH processes this content and creates a reference to it,  perhaps on some web server under control of the MSH.  
-     The sending MSH will want to remove such payloads after some time, the time when this is done could be a parameter and it could be yet another property included in the message (just like websites supporting large transfer provide such information in notification emails).
-      Similarly, the deliver() operation will be different.  When the payload is encryption,  the receiving application or middleware should get the decrypted content, and the content validated by the WS-Security module (which may be different from a later download) so the URI of the external payload will be dereferenced before delivery.

..

-      Etc.

  
>  5.2.2.12 external payloads
> ---------------------------
>
>                 Key: EBXMLMSG-14
>                 URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-14
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: Core Spec
>            Reporter: Pim van der Eijk
>            Priority: Minor
>
> Sender and receiver may want to limit the domains on which external payloads can be stored,  for security or network configuration reasons.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]