OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (EBXMLMSG-15) D3.4 Pmodes for error handling

    [ https://issues.oasis-open.org/browse/EBXMLMSG-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=59924#comment-59924 ] 

Pim van der Eijk commented on EBXMLMSG-15:

Here is a related comment:

I am now working on new project that will use the Minimal Client for some stakeholders.

Here the idea is that all UserMessages will be secured using UserName tokens. This can be configured using the PMode[1].Security.UsernameToken.* parameters.

A PullRequest can be secured using a UserName token targeted to the "ebms" header,  as per section 5.2.3, Usage Profiling (a), option (1) and the PMode[1].Security.PModeAuthorize, PMode.Initiator.Authorization.username and PMode.Initiator.Authorization.password  parameters.

Now if the Minimal Client sends Errors or Receipts as standalone requests (not bundled with a PullRequest, see separate issue 50, https://issues.oasis-open.org/browse/EBXMLMSG-50 ),  it would be useful to secure them also using UserName tokens.

> D3.4 Pmodes for error handling
> ------------------------------
>                 Key: EBXMLMSG-15
>                 URL: https://issues.oasis-open.org/browse/EBXMLMSG-15
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: Core Spec
>            Reporter: Pim van der Eijk
> There does not seem to be a way to specify that ebMS3 error messages are to be signed or encrypted.    The parameters in D3.5 are about the business message.  In particular for asynchronous errors, it is useful to be able to authenticate the MSH that is posting this error to validate it is the MSH to which the message in error was sent and not some other.
> For AS4 we could simplify this and state that an asynchronous error on a message should be signed if and only if the message in error was signed, as we did with receipt.

This message was sent by Atlassian JIRA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]