OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (EBXMLMSG-97) 7.11.2 X.509 tokens in Pull requests targeted to default role

    [ https://issues.oasis-open.org/browse/EBXMLMSG-97?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66306#comment-66306 ] 

Sander Fieten commented on EBXMLMSG-97:
---------------------------------------

Based on section D.2 I would say that the configuration of the security header targeted at the default role/actor for a PullRequest is done in the PMode[1][s].Security.* parameters, i.e. the MSH should have the possibility to configure the PullRequest independently from the User Message. 

> 7.11.2  X.509 tokens in Pull requests targeted to default role
> --------------------------------------------------------------
>
>                 Key: EBXMLMSG-97
>                 URL: https://issues.oasis-open.org/browse/EBXMLMSG-97
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Bug
>          Components: Core Spec
>            Reporter: Pim van der Eijk
>
> When sending a UserMessage,  the following parameter configures the use of X.509 or Username tokens on that message:
> PMode[1].Security.X509.*
> PMode[1].Security.UsernameToken.*
> This applies to the user message.   So if the user message is pulled, it applies to the pulled user message, not to the pull request.
> Section 7.10 describes that Pull requests can be authorized using a secondary WS-Security header targeting the "ebms" role.  This is configured using the following parameters:
> PMode.Initiator.Authorization.*
> This option is supported in AS4 (section 2.1.1) ebHandler as Authorization option 1.
> Section 7.11.2 states that PullRequests can also be secured using WS-Security tokens targeting the default "role".  Section 7.10 actually has an example that contains two WS-Security headers, targeting different roles. AS4 ebHandler refers to this as Authorization Option 2.  In the Core Specification it is not clear how this header is configured.
> See the next separate issue on AS4 and securing pull requests.



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]