OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Issue 42: WS-SC HTTP Binding

This is now logged as issue 42.


-----Original Message-----
From: martin.raepple@sap.com [mailto:martin.raepple@sap.com] 
Sent: Monday, February 27, 2006 5:19 AM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner
Subject: NEW Issue: WS-SC HTTP Binding

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
THE ISSUE IS ASSIGNED A NUMBER.  
The issues coordinators will notify the list when that has occurred.

Protocol:  ws-sc

ws-secureconversation-1.3-spec-ed-01-r03-diff.doc

Artifact:  spec

Type:

design

Title:

WS-SC HTTP Binding

Description:

WS-SC introduces the Security Context (SCT) Token which contains a
unique identifier for a shared security context among the context
initiator (requester) and (1 to n) service endpoints. There are
certainly cases where the service endpoint is actually not one system
but a collection of systems (server farm) used for cluster computing.
Server farms are typically co-located with a load balancer which enables
communication between the different servers of the cluster and the users
of the cluster and may perform some type of load balancing

Based on the assumption that the servers in the cluster do not share a
common address space or use any other means to synchronize stateful
resources (such as the security context), the load balancer needs to
send all subsequent requests for the same client to same server which
has access to the previously created security context as part of the SCT
establishment phase (see section 3.3).

The load balancer could certainly look at the
wsse:security/wsc:SecurityContextToken/wsc:Identifier element to
determine the context identifier and route the request to the server
according to same sort of mapping. But this could have an impact of the
overall performance since the load balance has to look inside the
content of the HTTP request and parse the content of the SOAP message.

A much faster approach would be to carry the security context identifier
in the HTTP header. Such an HTTP binding for WS-SC could specify the
relationship between the WS-SC security context and the HTTP header and
should define the name and semantics of new custom HTTP header(s).


Related issues:


Proposed Resolution:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]