[OGSA-BES-WG] The up-to-date specification?

Steven Newhouse Steven.Newhouse at microsoft.com
Wed Feb 20 16:23:04 CST 2008


> > If you fail authorization under the container's rule it is the
> > container that sends the fault
>
> And that is what I've been asking for - what the fault should look
> like. I have my own container (which does authentication and
> authorization) so I must choose the most suitable fault to return.

By container I mean the web service hosting environment NOT the BES Container. It is therefore not a BES specific fault that gets sent.

> Summing up, the only solution I can see now is to return standard SOAP
> fault with added human readable description saying that this general
> fault was thrown because of an authorization failure so that the
> client at the other side knows the reason her call was rejected.

If I'm not authorized to access a WCF service (as an example) the error message I get back as a client is very vague. Just knowing there is a service there that is rejecting you is a very useful bit of information for a hostile client. Better to make it appear the message just failed to connect. Server side there should be clear logging to indicate why the connection was dropped - not authenticated and/or not authorized.

Steven
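
The behaviour described in the message above, as an added example that is not part of the original post or of any BES or WCF code: a hosting-layer gate that gives the client the same outcome for every rejection while the server log records whether the cause was authentication or authorization. The names `USERS`, `ACL`, `check`, `handle` and the placeholder response are hypothetical, and the credentials are constructed sample data.

```python
import hmac
import logging
import uuid

log = logging.getLogger("hosting.authz")

# Constructed sample data: credentials and per-operation access lists.
USERS = {"alice": "correct-horse", "bob": "battery-staple"}
ACL = {"CreateActivity": {"alice"}}

DROP = None  # client-visible outcome for every rejection: no response body


def check(user, password, operation):
    """Return None if the call may proceed, else a server-side reason string."""
    expected = USERS.get(user)
    # Compare against a dummy value for unknown users so the comparison
    # still runs and timing does not single out nonexistent accounts.
    ok = hmac.compare_digest((expected or "\0").encode(), password.encode())
    if expected is None or not ok:
        return "not authenticated"
    if user not in ACL.get(operation, set()):
        return "not authorized"
    return None


def handle(user, password, operation, peer):
    """Hosting-layer gate that runs before the request reaches the service."""
    reason = check(user, password, operation)
    if reason is None:
        return f"<{operation}Response/>"  # placeholder for the real dispatch
    request_id = uuid.uuid4().hex
    # The specific reason is written only to the server log.
    log.warning("rejected id=%s peer=%s user=%r op=%s reason=%s",
                request_id, peer, user, operation, reason)
    return DROP
```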

