-
Type: Improvement
-
Status: Closed
-
Priority: Trivial
-
Resolution: Unresolved
-
Affects Version/s: cbs-WD03
-
Fix Version/s: cbs-WD05
-
Component/s: Claims Based Security
-
Labels:None
-
Resolution:
Section 2. Overview, second paragraph:
Claims-based security composes with the security model defined in [AMQP]. The receiving peer can accept the connection and session without establishing any authentication context or can mandate that the client authenticates at the transport level and/or using a supported SASL mechanism.
What is recieiving peer supposed to mean here? - AMQP (without SASL) doesn't define two distinct roles. TCP defines the client and server role, and the SASL layer defined in AMQP Section 5.3 reflects this. Should this really be something like "An AMQP connection can be established without any authentication context, or the peers can mandate authentication at the transport level and/or using a supported SASL mechanism." ?