[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (EBXMLMSG-98) AS4 5.2.3, securing pull requests
Pim van der Eijk created EBXMLMSG-98: ---------------------------------------- Summary: AS4 5.2.3, securing pull requests Key: EBXMLMSG-98 URL: https://issues.oasis-open.org/browse/EBXMLMSG-98 Project: OASIS ebXML Messaging Services TC Issue Type: Bug Components: AS4 Profile, Core Spec Reporter: Pim van der Eijk In section 5.2.3 of AS4 it is claimed that the header is configured using the PMode[1].Security.X509. parameters: "PMode[1].Security.X509.sign: (for option (b)) PMode[1].Security.X509.SignatureCertificate: (for option (b))" "NOTE: in (b), the P-Mode parameters about X509 are controlling both the authentication of eb:PullRequest signals and authentication of other User Messages". But it is not possible to use the same parameters for signing both the (pulled) user message and the (pulling) pull request signal message. The pull request is signed by the initiator (receiver). The certificate used is the certificate of the initiator. The user message is signed by the responder (sender). The certificate used is the certificate of the responder. So we need separate parameters to configure the two certificates. (And "SignatureCertificate" should be "Signature.Certificate"). This is a follow on from https://issues.oasis-open.org/browse/EBXMLMSG-97. A separate issue is created as it relates to a different specificaion document. -- This message was sent by Atlassian JIRA (v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]