OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Error Response for signature Validation failure

"Damodaran, Suresh" wrote:
> Sekhar,
> Good point. ebXML MSG already has an error code
> for Signature failure - see TRP 1.0 section
> "SecurityFailure." Were you asking whether we need
> more application level semantic added to the error
> message? I am not sure how best to do this with MSG.
> For V2.0, perhaps we can limit to simply specifying
> that the specifed error would be flagged, and assume
> error handling is done by MSG?
I was referring to the case where Registry Client and
Registry interoperate using SOAP *NOT* ebMS. In this
case, there somewhere there needs to be a specification
of how signature validation failures are handled and what
error is returned on a signature validation failure.

In Version 1.0, ebRS seems to specify that an ebXML error
message would be returned. The error code returned within
the error message is itself specified by ebMS ( i.e.

In Version 2.0, since ebRS can be bound to either ebMS
or SOAP (or SOAP compliant protocol), ebRS specification
cannot simply reference ebMS error codes. ebRS specification
would have to cover bindings other than ebMS. So my 
question was:

   what should the error code be when ebMS is not being used ?
   And where would this error be specified ?

> Yet another option is to use SOAP Fault. This will work
> even if we do not use MSG. Something to look at later.
> Regards,
> -Suresh

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC