ebxml-msg message



Subject: [OASIS Issue Tracker] (EBXMLMSG-97) 7.11.2 X.509 tokens in Pull requests targeted to default role


    [ https://issues.oasis-open.org/browse/EBXMLMSG-97?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66306#comment-66306 ] 

Sander Fieten edited comment on EBXMLMSG-97 at 5/24/17 1:57 PM:
----------------------------------------------------------------

Based on section D.2 I would say that the configuration of the security header targeted at the default role/actor for a PullRequest is done in the PMode[1][s].Security.* parameters, i.e. the MSH should have the possibility to configure the PullRequest independently from the User Message. 
According to this notation the parameters to secure the User Message should be specified as PMode[1][u].Security.* when using the pull mechanism.

I would however say that the PMode[1].Security notation can be used for both User and Signal messages and just indicates how the MSH should secure the message it sends.   


was (Author: sanderfieten):
Based on section D.2 I would say that the configuration of the security header targeted at the default role/actor for a PullRequest is done in the PMode[1][s].Security.* parameters, i.e. the MSH should have the possibility to configure the PullRequest independently from the User Message. 

> 7.11.2  X.509 tokens in Pull requests targeted to default role
> --------------------------------------------------------------
>
>                 Key: EBXMLMSG-97
>                 URL: https://issues.oasis-open.org/browse/EBXMLMSG-97
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Bug
>          Components: Core Spec
>            Reporter: Pim van der Eijk
>
> When sending a UserMessage,  the following parameter configures the use of X.509 or Username tokens on that message:
> PMode[1].Security.X509.*
> PMode[1].Security.UsernameToken.*
> This applies to the user message.   So if the user message is pulled, it applies to the pulled user message, not to the pull request.
> Section 7.10 describes that Pull requests can be authorized using a secondary WS-Security header targeting the "ebms" role.  This is configured using the following parameters:
> PMode.Initiator.Authorization.*
> This option is supported in AS4 (section 2.1.1) ebHandler as Authorization option 1.
> Section 7.11.2 states that PullRequests can also be secured using WS-Security tokens targeting the default "role".  Section 7.10 actually has an example that contains two WS-Security headers, targeting different roles. AS4 ebHandler refers to this as Authorization Option 2.  In the Core Specification it is not clear how this header is configured.
> See the next separate issue on AS4 and securing pull requests.



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
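
The issue turns on a PullRequest carrying two WS-Security headers that target different roles. The following added example (not part of the thread or of the specification) shows how a receiver can separate them by target role and reject two headers aimed at the same role, which WS-Security does not allow. The function name, the SOAP 1.2 envelope and all token values are assumptions constructed for illustration; the role value "ebms" is the one named in the issue.

```python
import xml.etree.ElementTree as ET

S12 = "http://www.w3.org/2003/05/soap-envelope"
S11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed sample: one header targets the "ebms" role (authorization),
# the other omits the role and therefore targets the default role.
SAMPLE = f"""<S12:Envelope xmlns:S12="{S12}" xmlns:wsse="{WSSE}">
  <S12:Header>
    <wsse:Security S12:role="ebms">
      <wsse:UsernameToken>
        <wsse:Username>constructed-user</wsse:Username>
      </wsse:UsernameToken>
    </wsse:Security>
    <wsse:Security>
      <wsse:BinarySecurityToken>CONSTRUCTED-PLACEHOLDER</wsse:BinarySecurityToken>
    </wsse:Security>
  </S12:Header>
  <S12:Body/>
</S12:Envelope>"""


def security_headers_by_role(envelope_xml):
    """Return {target role: [token element names]} for each Security header.

    Hypothetical helper. The input here is a trusted, constructed sample;
    messages from the network need a hardened XML parser.
    """
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{S12}}}Header")
    if header is None:
        header = root.find(f"{{{S11}}}Header")
    headers = {}
    if header is None:
        return headers
    for sec in header.findall(f"{{{WSSE}}}Security"):
        # SOAP 1.2 uses "role", SOAP 1.1 uses "actor"; absent means default.
        role = sec.get(f"{{{S12}}}role") or sec.get(f"{{{S11}}}actor") or "default"
        if role in headers:
            # Two Security headers must not share the same target role.
            raise ValueError(f"duplicate Security header for role {role!r}")
        headers[role] = [child.tag.rsplit("}", 1)[-1] for child in sec]
    return headers
```
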

