[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-rx] New Issue: need fault to indicate that security constraints have been violated
Call it proposed-01, this is the only new issue I have seen. -----Original Message----- From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com] Sent: Tuesday, July 25, 2006 1:39 PM To: ws-rx@lists.oasis-open.org Subject: [ws-rx] New Issue: need fault to indicate that security constraints have been violated Title: Need fault to indicate that security constraints have been violated. Description: There is currently no mechanism for the RMS or RMD to indicate (either to each other or an administrator via either a log file or some other mechanism) that the agreed upon security constraints have been violated. Justification: Suppose that the RMS and RMD have agreed that all the messages related to a particular Sequence should be protected by a specific Security Context. What should the RMD do when it receives a message that contains a Sequence Header with an ID that matches that Sequence but which is signed by some other Security Context Token? Obviously there are a whole range of answers to that question depending upon the environment (production or development), security policies, etc. but it seems that most of these answers would include the notion of generating a fault to indicate what has happened. Target: core Proposal: Add the following fault to Section 4: 4.x Security Violation This fault is generated by either the RM Source or the RM Destination in response to a message that violates the agreed upon security constraints for the Sequence to which the message applies. [Code] Sender [Subcode] wsrm:SecurityViolation [Reason] The received message violates the security constraints for its related Sequence. [Detail] xs:any
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]