

Subject: Re: [ws-rx] New Issue: need fault to indicate that security constraints have been violated


Generating faults relative to security has often been avoided due to information exposure. In the case that you describe, I would imagine that this would just be a fault from the security domain policy saying that policy does not match.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Gilbert Pilz" <Gilbert.Pilz@bea.com>
07/25/2006 03:39 PM

To: <ws-rx@lists.oasis-open.org>
cc:
Subject: [ws-rx] New Issue: need fault to indicate that security constraints have been violated

Title: Need fault to indicate that security constraints have been
violated.

Description: There is currently no mechanism for the RMS or RMD to
indicate (either to each other or an administrator via either a log file
or some other mechanism) that the agreed upon security constraints have
been violated.

Justification: Suppose that the RMS and RMD have agreed that all the
messages related to a particular Sequence should be protected by a
specific Security Context. What should the RMD do when it receives a
message that contains a Sequence Header with an ID that matches that
Sequence but which is signed by some other Security Context Token?
Obviously there are a whole range of answers to that question depending
upon the environment (production or development), security policies,
etc. but it seems that most of these answers would include the notion of
generating a fault to indicate what has happened.

Target: core

Proposal: Add the following fault to Section 4:

4.x Security Violation

This fault is generated by either the RM Source or the RM Destination in
response to a message that violates the agreed upon security constraints
for the Sequence to which the message applies.

[Code] Sender

[Subcode] wsrm:SecurityViolation

[Reason] The received message violates the security constraints for its
related Sequence.

[Detail] xs:any
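
An added example, not part of the original thread or of any WS-RM implementation: an RMD-side check for the case in the Justification (a known Sequence ID signed under a different Security Context Token) that returns the proposed fault while keeping the token details in the local log, in line with the information-exposure concern in the reply. The class and function names, the placeholder `wsrm` namespace URI, and the choice of a `wsrm:Identifier` element inside [Detail] are assumptions.

```python
import logging
import xml.etree.ElementTree as ET

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"   # SOAP 1.2 envelope namespace
WSRM_NS = "urn:example:wsrm-namespace-placeholder"    # placeholder, not the real WS-RM namespace
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
REASON = ("The received message violates the security constraints "
          "for its related Sequence.")
log = logging.getLogger("rmd.security")


def build_fault(sequence_id):
    """Serialize the proposed fault; [Detail] carries only the Sequence ID (assumption)."""
    ET.register_namespace("soap", SOAP_NS)
    ET.register_namespace("wsrm", WSRM_NS)
    fault = ET.Element(f"{{{SOAP_NS}}}Fault")
    code = ET.SubElement(fault, f"{{{SOAP_NS}}}Code")
    ET.SubElement(code, f"{{{SOAP_NS}}}Value").text = "soap:Sender"
    sub = ET.SubElement(code, f"{{{SOAP_NS}}}Subcode")
    ET.SubElement(sub, f"{{{SOAP_NS}}}Value").text = "wsrm:SecurityViolation"
    reason = ET.SubElement(fault, f"{{{SOAP_NS}}}Reason")
    text = ET.SubElement(reason, f"{{{SOAP_NS}}}Text", {XML_LANG: "en"})
    text.text = REASON
    detail = ET.SubElement(fault, f"{{{SOAP_NS}}}Detail")
    ET.SubElement(detail, f"{{{WSRM_NS}}}Identifier").text = sequence_id
    return ET.tostring(fault, encoding="unicode")


class SequenceBindings:
    """Hypothetical RMD table: Sequence ID -> Security Context Token ID agreed for it."""

    def __init__(self):
        self._bound = {}

    def bind(self, sequence_id, sct_id):
        self._bound[sequence_id] = sct_id

    def check(self, sequence_id, signing_sct_id):
        """Return None to accept the message, or the fault XML to send back.

        signing_sct_id is the token whose key verified the signature (None if unsigned).
        Unknown Sequence IDs raise KeyError; that case is out of scope here.
        """
        expected = self._bound[sequence_id]
        if signing_sct_id is not None and signing_sct_id == expected:
            return None
        # Which token was expected and which was seen goes to the local log only.
        log.warning("security violation: sequence=%r expected_sct=%r got_sct=%r",
                    sequence_id, expected, signing_sct_id)
        return build_fault(sequence_id)
```

The fault echoes only the Sequence ID the sender already supplied; the expected and observed token identifiers are recorded for the administrator and never leave the RMD.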
