atom feed3 messages in org.oasis-open.lists.wsrmRe: [wsrm] Comments on WS-Reliability...
FromSent OnAttachments
Alan WeissbergerApr 19, 2004 3:42 pm 
Pete WenzelApr 19, 2004 3:59 pm 
Furniss, PeterApr 20, 2004 2:19 am 
Subject:Re: [wsrm] Comments on WS-Reliability CD 0.992
From:Pete Wenzel (pe@seebeyond.com)
Date:Apr 19, 2004 3:59:03 pm
List:org.oasis-open.lists.wsrm

Thus spoke Alan Weissberger (ajw@technologist.com) on Mon, Apr 19, 2004 at 05:59:37PM -0500:

I agree with Pete about explicitly forbidding an intermediary from tampering with WS Reliability headers. In particular we need to prevent " man in the middle" attacks.

No problem with passive monitoring of WS Reliability messages for accounting purposes

Alan, that wasn't exactly the intent of my comment. Securing the message, or portions of it, from tampering and disclosure is the job of WSS. We already say we can compose with WSS, so your concern should already be addressed adequately. (It is left as a future exercise for some other group to describe exactly how these two specs should be composed in a meaningful fashion.)

What I meant was, we should state that Sending RMPs MUST NOT address RM headers to SOAP intermediaries ("next" role or actor). Confusing things would occur if that were possible. (In other words, I don't want to allow the "hop-to-hop reliability" can of worms to be opened.)

--Pete

----- Original Message ----- From: Pete Wenzel Date: Mon, 19 Apr 2004 13:07:07 -0700 To: ws@lists.oasis-open.org Subject: [wsrm] Comments on WS-Reliability CD 0.992 > Here is my laundry list of things to fix in CD-0.992; most are > editorial in nature. > > > Line 98: Says "This specification addresses end-to-end reliability, > and is not concerned with intermediaries." However, there is nothing to > prevent someone targeting Reliability headers to "next" role/actor. > This case should be explicitly forbidden, rather than left undefined. >...

-- Pete Wenzel <pe@seebeyond.com> Senior Architect, SeeBeyond Standards & Product Strategy +1-626-471-6311 (US-Pacific)