OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

regrep-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Error Response for signature Validation failure


We need to submit our proposal to the regrep TC
latest by Oct 3. Given that we need to figure out
what we can or cannot do in that time frame.

Item 2 below could be a good recommendation that
can be made - we wouldn't have time to actually design those codes.
Item 1, I am thinking is out of scope for at least V2.

-----Original Message-----
From: sekhar vajjhala [mailto:sekhar.vajjhala@Sun.COM]
Sent: Monday, September 24, 2001 12:52 PM
To: Damodaran, Suresh
Cc: 'Farrukh Najmi'; regrep-security@lists.oasis-open.org
Subject: Re: Error Response for signature Validation failure

"Damodaran, Suresh" wrote:
> Unfortunately, MSG discourages use of other errorCodes
> than those defined in the spec (Sec second para
> "Use of non-ebXML values for errorCodes is NOT RECOMMENDED.
> In addition, an implementation of this specification MUST NOT
> use its own errorCodes if an existing errorCode as defined
> in this section has the same or very similar meaning.")
> This limits us to use the errorCode "SecurityFailure" that
> maps to "Validation of signatures ... failed."

As I noted in another email thread, "SecurityFailure" error
is only applicable when ebMS is being used.

So the issues are :

1. For those cases, when SOAP (or SOAP compliant protocols)
   are being used, then what should the error code be ?
2. Should there be "protocol independent" error code specified
   be ebRS ?
   For example, ebRS would always return a "SigatureValidationFailure"
   regardless of the underlying transport ( ebMS, SOAP etc). ebRS
   would be responsible for mapping the error code from the underlying
   transport to a ebRS specific error code.

> Farrukh, you might be seeing something that I am not,
> in which case, please let me know.
> As for SOAP Fault, not sure what other bindings you are
> thinking about (not using SOAP at all?) I don't like
> using SOAP Fault from a design point of view, rather
> would like to have it in the MSG layer. I would like
> to understand where you are coming from.
> Cheers,
> -Suresh

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC