[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Error Response for signature Validation failure
We should avoid use of SOAP Fault as we may have bindings other than SOAP. I suggest we use a RegistryError response with an errorCode = "SignatureValidationError". ---------------Snipet from Registry.xsd schema file relevant to above suggestion----------------- <element name = "RegistryError"> <complexType> <simpleContent> <extension base = "string"> <attribute name = "codeContext" use = "required" type = "string"/> <attribute name = "errorCode" use = "required" type = "string"/> <attribute name = "severity" use = "optional" type = "tns:ErrorType"/> <attribute name = "location" type = "string"/> </extension> </simpleContent> </complexType> </element> <element name = "RegistryResponse"> <complexType> <sequence> <choice minOccurs = "0"> <element ref = "tns:AdhocQueryResponse"/> <element ref = "tns:GetContentResponse"/> <element ref = "tns:GetClassificationTreeResponse"/> <element ref = "tns:GetClassifiedObjectsResponse"/> <element ref = "tns:GetRootClassificationNodesResponse"/> </choice> <element ref = "tns:RegistryErrorList" minOccurs = "0"/> </sequence> <attribute name = "status" use = "required"> <simpleType> <restriction base = "NMTOKEN"> <enumeration value = "success"/> <enumeration value = "failure"/> </restriction> </simpleType> </attribute> </complexType> </element> "Damodaran, Suresh" wrote: > Sekhar, > > Good point. ebXML MSG already has an error code > for Signature failure - see TRP 1.0 section 8.8.5.2 > "SecurityFailure." Were you asking whether we need > more application level semantic added to the error > message? I am not sure how best to do this with MSG. > For V2.0, perhaps we can limit to simply specifying > that the specifed error would be flagged, and assume > error handling is done by MSG? > > Yet another option is to use SOAP Fault. This will work > even if we do not use MSG. Something to look at later. > > Regards, > -Suresh > > -----Original Message----- > From: sekhar vajjhala [mailto:sekhar.vajjhala@Sun.COM] > Sent: Thursday, September 20, 2001 3:52 PM > To: regrep-security@lists.oasis-open.org > Subject: Error Response for signature Validation failure > > One thing I did not specify in the usage of XML DSIG for Registry, > is what happens if there is a signature validation failure . > > Specifically, the behaviour needs to be specified for the case > where the Registry's validation of the Registry Client's signature > fails. In this case the Registry would have to return and ebXML error > message. > > But should there be a more detailed error code ? In Version 1.0 of the > Registry Spec, the DTD at the end seems to be indicate that > an error code from ebMS (ebXML Message Service) specification would > be returned. > > -- > Sekhar > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> -- Regards, Farrukh
begin:vcard n:Najmi;Farrukh tel;work:781-442-0703 x-mozilla-html:FALSE url:www.sun.com org:Sun Microsystems;Java Software adr:;;1 Network Dr. MS BUR02-302;Burlington;MA;01803-0902;USA version:2.1 email;internet:najmi@east.sun.com fn:Farrukh Najmi end:vcard
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC