OASIS Mailing List Archives

regrep-security message

Subject: Re: Error Response for signature Validation failure


We should avoid use of SOAP Fault as we may have bindings other than SOAP.

I suggest we use a RegistryError response with an errorCode =
"SignatureValidationError".

--------------- Snippet from Registry.xsd schema file relevant to above suggestion ---------------

 <element name = "RegistryError">
  <complexType>
   <simpleContent>
    <extension base = "string">
     <attribute name = "codeContext" use = "required" type = "string"/>
     <attribute name = "errorCode" use = "required" type = "string"/>
     <attribute name = "severity" use = "optional" type = "tns:ErrorType"/>
     <attribute name = "location" type = "string"/>
    </extension>
   </simpleContent>
  </complexType>
 </element>
 <element name = "RegistryResponse">
  <complexType>
   <sequence>
    <choice minOccurs = "0">
     <element ref = "tns:AdhocQueryResponse"/>
     <element ref = "tns:GetContentResponse"/>
     <element ref = "tns:GetClassificationTreeResponse"/>
     <element ref = "tns:GetClassifiedObjectsResponse"/>
     <element ref = "tns:GetRootClassificationNodesResponse"/>
    </choice>
    <element ref = "tns:RegistryErrorList" minOccurs = "0"/>
   </sequence>
   <attribute name = "status" use = "required">
    <simpleType>
     <restriction base = "NMTOKEN">
      <enumeration value = "success"/>
      <enumeration value = "failure"/>
     </restriction>
    </simpleType>
   </attribute>
  </complexType>
 </element>


"Damodaran, Suresh" wrote:

> Sekhar,
>
> Good point. ebXML MSG already has an error code
> for Signature failure - see TRP 1.0 section 8.8.5.2
> "SecurityFailure." Were you asking whether we need
> more application level semantic added to the error
> message? I am not sure how best to do this with MSG.
> For V2.0, perhaps we can limit to simply specifying
> that the specified error would be flagged, and assume
> error handling is done by MSG?
>
> Yet another option is to use SOAP Fault. This will work
> even if we do not use MSG. Something to look at later.
>
> Regards,
> -Suresh
>
> -----Original Message-----
> From: sekhar vajjhala [mailto:sekhar.vajjhala@Sun.COM]
> Sent: Thursday, September 20, 2001 3:52 PM
> To: regrep-security@lists.oasis-open.org
> Subject: Error Response for signature Validation failure
>
> One thing I did not specify in the usage of XML DSIG for Registry
> is what happens if there is a signature validation failure.
>
> Specifically, the behaviour needs to be specified for the case
> where the Registry's validation of the Registry Client's signature
> fails. In this case the Registry would have to return an ebXML error
> message.
>
> But should there be a more detailed error code? In Version 1.0 of the
> Registry Spec, the DTD at the end seems to indicate that
> an error code from ebMS (ebXML Message Service) specification would
> be returned.
>
> --
> Sekhar
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

--
Regards,
Farrukh
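
Added example, not part of the original message or of the Registry specification: a Python sketch that builds the suggested binding-independent error response and checks it against the constraints visible in the schema snippet above. The namespace URI, the assumption that RegistryErrorList wraps RegistryError children, and the sample codeContext and error text are placeholders, since the snippet does not define them.

```python
import xml.etree.ElementTree as ET

# Placeholder namespace: the snippet shows only the "tns:" prefix, not its URI.
NS = "urn:example:registry-placeholder"
ET.register_namespace("tns", NS)

def q(name):
    """Qualify a local element name with the placeholder namespace."""
    return f"{{{NS}}}{name}"

def signature_failure_response(code_context, text):
    """Build RegistryResponse status="failure" carrying one RegistryError."""
    resp = ET.Element(q("RegistryResponse"), {"status": "failure"})
    # Assumption: RegistryErrorList wraps RegistryError children.
    errors = ET.SubElement(resp, q("RegistryErrorList"))
    err = ET.SubElement(errors, q("RegistryError"), {
        "codeContext": code_context,                # required by the snippet
        "errorCode": "SignatureValidationError",    # value suggested in the message
    })
    err.text = text  # simpleContent: the element body is a string
    return resp

def to_wire(resp):
    """Serialize to bytes; any binding (SOAP or other) can carry this payload."""
    return ET.tostring(resp, encoding="utf-8")

def from_wire(data):
    return ET.fromstring(data)

def check_response(resp):
    """Return violations of the constraints visible in the schema snippet."""
    problems = []
    if resp.tag != q("RegistryResponse"):
        problems.append("root element is not RegistryResponse")
    if resp.get("status") not in ("success", "failure"):
        problems.append("status is not 'success' or 'failure'")
    for err in resp.iter(q("RegistryError")):
        for attr in ("codeContext", "errorCode"):
            if err.get(attr) is None:
                problems.append(f"RegistryError lacks required {attr}")
    return problems

def is_signature_failure(resp):
    """Client-side test that does not depend on SOAP Fault or ebMS error codes."""
    codes = [e.get("errorCode") for e in resp.iter(q("RegistryError"))]
    return resp.get("status") == "failure" and "SignatureValidationError" in codes

if __name__ == "__main__":
    # Constructed sample values for codeContext and the error text.
    wire = to_wire(signature_failure_response("signature check", "Signature validation failed"))
    print(wire.decode())
```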
