[OGSA-BES-WG] The up-to-date specification?
Steven Newhouse
Steven.Newhouse at microsoft.com
Wed Feb 20 16:23:04 CST 2008
> > If you fail authorization under the container's rule it is the
> > container that sends the fault
>
> And that is what I've been asking for - what the fault should look
> like. I have my own container (which does authentication and
> authorization) so I must choose the most suitable fault to return.
By container I mean the web service hosting environment NOT the BES Container. It is therefore not a BES specific fault that gets sent.
> Summing up, the only solution I can see now is to return standard SOAP
> fault with added human readable description saying that this general
> fault was thrown because of an authorization failure so that the
> client at the other side knows the reason her call was rejected.
If I'm not authorized to access a WCF service (as an example) the error message I get back as a client is very vague. Just knowing there is a service there that is rejecting you is a very useful bit of information for a hostile client. Better to make it appear the message just failed to connect. Server side there should be clear logging to indicate why the connection was dropped - not authenticated and/or not authorized.
Steven
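
The pattern described in the reply above (a deliberately vague response to the client, with the precise reason recorded only in the server log), as an added example that is not part of the original message or of any BES or WCF code. The function name, logger name, ACL shape and fault wording are assumptions made for illustration.

```python
import logging
import uuid

log = logging.getLogger("hosting.authz")  # hypothetical logger name

# One fixed SOAP 1.1 fault for every rejection (assumed wording). The
# faultcode and faultstring never vary with the cause, so the response does
# not tell the caller whether authentication or authorization failed.
_FAULT = (
    '<?xml version="1.0" encoding="utf-8"?>'
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soap:Body><soap:Fault>"
    "<faultcode>soap:Server</faultcode>"
    "<faultstring>Request could not be processed ({ref})</faultstring>"
    "</soap:Fault></soap:Body></soap:Envelope>"
)


def check_request(principal, operation, acl):
    """Return (allowed, fault_xml).

    principal is None when the caller did not authenticate; acl maps a
    principal name to the set of operations it may invoke.
    """
    if principal is None:
        reason = "not authenticated"
    elif operation not in acl.get(principal, set()):
        reason = "not authorized"
    else:
        return True, None

    # Random reference: lets an operator match a client report to the log
    # line without carrying any information about the cause.
    ref = uuid.uuid4().hex[:8]

    # Server side only: the exact reason. %r escapes control characters, so
    # a crafted principal or operation name cannot forge extra log lines.
    log.warning("rejected ref=%s principal=%r operation=%r reason=%s",
                ref, principal, operation, reason)
    return False, _FAULT.format(ref=ref)
```
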