OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [ebxml-dev] Authentication/Authorization with MSH?


I can see good reasons why you would defer Authorization to the middleware "BSI" layer. The authorization would refer to the particular business activity to be invoked on behalf of the incoming message, the knowledge of which I guess is held by the "BSI" and above layers. At times, the authorization logic may even depend upon some business contextual information, such as the previous activities performed on behalf of the message sender, etc.

Authentication on the other hand is generally an isolated step from the rest of the message processing. It is also better to perform authentication as soon as possible after the message enters the system. MSH therefore sounds like the right place for authentication from this perspective.

Just my 2 cents.

thanks,
Sanjay Patil
---------------------------------------------------------------
IONA                                        Phone: 408 350 9619
END 2 ANYWHERE                              http://www.iona.com


-----Original Message-----
From: Andrzej Jan Taramina [mailto:andrzej@chaeron.com]
Sent: Thursday, July 18, 2002 7:38 AM
To: Martin W Sachs
Cc: ebxml-dev@lists.ebxml.org
Subject: Re: [ebxml-dev] Authentication/Authorization with MSH?


Martin:

> Do you really want to do authentication/authorization inside the MSH (as
> defined by the MSG spec)?. If you really mean that you want to do it in the
> middleware ("BSI"), then I suggest that you look at what is defined in the CPPA
> specification.  The CPPA team has SAML support on its list for post version 2.
> If I remember correctly, we also have XACML on our futures list.

Actually....I'm not sure how to do it.....hence my post to the list asking for the 
collective wisdom of how to do auth/auth with ebXML.  Pros/Cons of doing before 
you hit the MSH....calling out from the MSH.....or in the BSI.....

Thanks!

...Andrzej

Chaeron Corporation
http://www.chaeron.com



----------------------------------------------------------------
The ebxml-dev list is sponsored by OASIS.
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.ebxml.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC