OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Updated: (EBXMLMSG-20) 7.10 Message Authoritzation

     [ http://tools.oasis-open.org/issues/browse/EBXMLMSG-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pim van der Eijk updated EBXMLMSG-20:

OK,  we mentioned that a implementation can constrain the universe of possible PModes such that a FIFO implementation is possible.  This is the case if any puller authorized to pull from a Pmode with MPC X is authorized (with same credentials) for all Pmode with MPC X.    This can be worded as:

"An implementation MAY constrain allowed Pmode configurations such that,  if it is authorized to pull messages of a particular PMode with MPC X, it is authorized to pull all messages with MPC X. Effectively this implementation option would replace the fine-grained PMode authorization with a coarser-grained MPC authorization."

> 7.10 Message Authoritzation
> ---------------------------
>                 Key: EBXMLMSG-20
>                 URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-20
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: Core Spec
>            Reporter: Pim van der Eijk
> This section describes message authorization and states:
> "This Pull signal can effect message delivery from MPC "http://msh.example.com/mpc123"; only if its credentials match the authorization parameters of at least one P-Mode associated with pulling messages on this MPC"
> This raises the following question:   if a pulling MSH1 uses credentials that are valid for messages of Pmode P1 but not for messages of Pmode P2,  but both P2 and P2 are sent on MSH2 on MPC "http://msh.example.com/mpc123";,  and if both a P1 message and a P2 message have been submitted to this MPC (and queued for pulling),  will the pull request (or a series of repeated pull requests) from MSH1:
> (a) return P1 but not P2?    In that case the pulling is not a simple "dequeue" but assumes some filtering of messages on an MPC,  which is 
> (b) return P1 and P2?   In that case the server MSH2 will return P2 messages to MSH1 that violate its Pmode configuration only because MSH1 is allowed to pull P1 messages.
> The simpler option would be to have a one-to-one authorization of pullings MSHs to MPCs,  meaning the authorization is on MPC rather than on PMode.  This can be viewed as a constraint on PMode configurations.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]