[OASIS Issue Tracker] Commented: (MQTT-52) Handling permission problems

[OASIS Issues Tracker <workgroup_mailer@lists.oasis-open.org>]

    [ http://tools.oasis-open.org/issues/browse/MQTT-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=35084#action_35084 ] 

Richard Coppen commented on MQTT-52:
------------------------------------

TC call 03.10.2013: TC agree to revise proposal and bring back to future TC call

> Handling permission problems
> ----------------------------
>
>                 Key: MQTT-52
>                 URL: http://tools.oasis-open.org/issues/browse/MQTT-52
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 3.1.1
>            Reporter: Richard Coppen
>             Fix For: 3.1.1
>
>
> What should a server do if a client attempts to perform an operation that is disallowed?
> For example:
> 1. Attempts to publish to a topic for which they do not have permission
> The input specification (which is not based on RFC2119 terminology) provides ambiguous guidance for such a scenario. 
> "Note that if a server implementation does not authorize a PUBLISH to be made by a client; it has no way of informing that client. It must therefore make a positive acknowledgement, according to the normal QoS rules, and the client will not be informed that it was not authorized to publish the message."
> This behavior is problematic (strictly enforced or not) since a valid client talking to a poorly configured server will continue to process work unaware of the problem. In practice it is very difficult, if not impossible, to write a client application with error handling and recovery logic to defend against it.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira