[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (EBXMLMSG-97) 7.11.2 X.509 tokens in Pull requests targeted to default role
[ https://issues.oasis-open.org/browse/EBXMLMSG-97?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66306#comment-66306 ] Sander Fieten commented on EBXMLMSG-97: --------------------------------------- Based on section D.2 I would say that the configuration of the security header targeted at the default role/actor for a PullRequest is done in the PMode[1][s].Security.* parameters, i.e. the MSH should have the possibility to configure the PullRequest independently from the User Message. > 7.11.2 X.509 tokens in Pull requests targeted to default role > -------------------------------------------------------------- > > Key: EBXMLMSG-97 > URL: https://issues.oasis-open.org/browse/EBXMLMSG-97 > Project: OASIS ebXML Messaging Services TC > Issue Type: Bug > Components: Core Spec > Reporter: Pim van der Eijk > > When sending a UserMessage, the following parameter configures the use of X.509 or Username tokens on that message: > PMode[1].Security.X509.* > PMode[1].Security.UsernameToken.* > This applies to the user message. So if the user message is pulled, it applies to the pulled user message, not to the pull request. > Section 7.10 describes that Pull requests can be authorized using a secondary WS-Security header targeting the "ebms" role. This is configured using the following parameters: > PMode.Initiator.Authorization.* > This option is supported in AS4 (section 2.1.1) ebHandler as Authorization option 1. > Section 7.11.2 states that PullRequests can also be secured using WS-Security tokens targeting the default "role". Section 7.10 actually has an example that contains two WS-Security headers, targeting different roles. AS4 ebHandler refers to this as Authorization Option 2. In the Core Specification it is not clear how this header is configured. > See the next separate issue on AS4 and securing pull requests. -- This message was sent by Atlassian JIRA (v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]