ebxml-dev message



Subject: RE: [ebxml-dev] Authentication/Authorization with MSH?


I agree. The authentication step should occur before anything else. In this 
regard we perform authentication before the message even reaches the ebXML 
MSH since we don't want to waste time unpacking any ebXML content before 
confirming that we should just reject this message out of hand.

Fraser.


>From: "Patil, Sanjaykumar" <sanjay.patil@iona.com>
>To: andrzej@chaeron.com, Martin W Sachs <mwsachs@us.ibm.com>
>CC: ebxml-dev@lists.ebxml.org
>Subject: RE: [ebxml-dev] Authentication/Authorization with MSH?
>Date: Thu, 18 Jul 2002 10:44:37 -0700
>
>
>I can see good reasons why you would defer Authorization to the middleware 
>"BSI" layer. The authorization would refer to the particular business 
>activity to be invoked on behalf of the incoming message, the knowledge of 
>which I guess is held by the "BSI" and above layers. At times, the 
>authorization logic may even depend upon some business contextual 
>information, such as the previous activities performed on behalf of the 
>message sender, etc.
>
>Authentication on the other hand is generally an isolated step from the 
>rest of the message processing. It is also better to perform authentication 
>as soon as possible after the message enters the system. MSH therefore 
>sounds like the right place for authentication from this perspective.
>
>Just my 2 cents.
>
>thanks,
>Sanjay Patil
>---------------------------------------------------------------
>IONA                                        Phone: 408 350 9619
>END 2 ANYWHERE                              http://www.iona.com
>
>
>-----Original Message-----
>From: Andrzej Jan Taramina [mailto:andrzej@chaeron.com]
>Sent: Thursday, July 18, 2002 7:38 AM
>To: Martin W Sachs
>Cc: ebxml-dev@lists.ebxml.org
>Subject: Re: [ebxml-dev] Authentication/Authorization with MSH?
>
>
>Martin:
>
> > Do you really want to do authentication/authorization inside the MSH (as
> > defined by the MSG spec)? If you really mean that you want to do it in the
> > middleware ("BSI"), then I suggest that you look at what is defined in the CPPA
> > specification.  The CPPA team has SAML support on its list for post version 2.
> > If I remember correctly, we also have XACML on our futures list.
>
>Actually....I'm not sure how to do it.....hence my post to the list asking for the
>collective wisdom of how to do auth/auth with ebXML.  Pros/Cons of doing before
>you hit the MSH....calling out from the MSH.....or in the BSI.....
>
>Thanks!
>
>...Andrzej
>
>Chaeron Corporation
>http://www.chaeron.com
>
>
>
>----------------------------------------------------------------
>The ebxml-dev list is sponsored by OASIS.
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.ebxml.org/ob/adm.pl>



