ws-rx message
Subject: Re: [ws-rx] New Issue: need fault to indicate that security constraints have been violated
- From: Anthony Nadalin <drsecure@us.ibm.com>
- To: "Gilbert Pilz" <Gilbert.Pilz@bea.com>
- Date: Wed, 26 Jul 2006 00:37:25 -0500
Generating faults relative to security has often been avoided due to information exposure. In the case that you describe I would imagine that this would just be a fault from the security domain policy saying that policy does not match.
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Gilbert Pilz" <Gilbert.Pilz@bea.com>
07/25/2006 03:39 PM
Title: Need fault to indicate that security constraints have been
violated.
Description: There is currently no mechanism for the RMS or RMD to
indicate (either to each other or an administrator via either a log file
or some other mechanism) that the agreed upon security constraints have
been violated.
Justification: Suppose that the RMS and RMD have agreed that all the
messages related to a particular Sequence should be protected by a
specific Security Context. What should the RMD do when it receives a
message that contains a Sequence Header with an ID that matches that
Sequence but which is signed by some other Security Context Token?
Obviously there are a whole range of answers to that question depending
upon the environment (production or development), security policies,
etc. but it seems that most of these answers would include the notion of
generating a fault to indicate what has happened.
Target: core
Proposal: Add the following fault to Section 4:
4.x Security Violation
This fault is generated by either the RM Source or the RM Destination in
response to a message that violates the agreed upon security constraints
for the Sequence to which the message applies.
[Code] Sender
[Subcode] wsrm:SecurityViolation
[Reason] The received message violates the security constraints for its
related Sequence.
[Detail] xs:any
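
Added example, not part of the original thread or of the WS-RM specification: a sketch of an RM Destination check that binds each Sequence to its agreed Security Context Token, returns the proposed fault with an empty [Detail] to limit information exposure, and keeps the specifics in a local log for the administrator. The class, method and logger names and the sample identifiers are hypothetical.

```python
import logging
from dataclasses import dataclass
from typing import Dict, Optional

log = logging.getLogger("rmd.security")  # hypothetical logger name

# [Reason] text taken from the proposed fault definition.
REASON = ("The received message violates the security constraints "
          "for its related Sequence.")


@dataclass(frozen=True)
class Fault:
    code: str
    subcode: str
    reason: str
    detail: Optional[str] = None  # [Detail] is xs:any; left empty on the wire


class SequenceBindings:
    """Maps each Sequence ID to the Security Context Token agreed for it."""

    def __init__(self) -> None:
        self._sct_by_sequence: Dict[str, str] = {}

    def bind(self, sequence_id: str, sct_id: str) -> None:
        self._sct_by_sequence[sequence_id] = sct_id

    def check(self, sequence_id: str,
              signing_sct_id: Optional[str]) -> Optional[Fault]:
        """Return None if the message may be processed, else the fault.

        Unknown Sequence IDs raise KeyError; they are outside this check.
        An unsigned message (signing_sct_id is None) counts as a violation.
        """
        expected = self._sct_by_sequence[sequence_id]
        if signing_sct_id == expected:
            return None
        # Specifics stay in the local log; the peer sees only the fixed reason.
        log.warning("security violation: sequence=%r expected_sct=%r got_sct=%r",
                    sequence_id, expected, signing_sct_id)
        return Fault("Sender", "wsrm:SecurityViolation", REASON)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    bindings = SequenceBindings()
    bindings.bind("urn:uuid:seq-1", "urn:uuid:sct-A")       # constructed IDs
    print(bindings.check("urn:uuid:seq-1", "urn:uuid:sct-A"))  # accepted
    print(bindings.check("urn:uuid:seq-1", "urn:uuid:sct-B"))  # fault
```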