Uploaded image for project: 'OASIS Advanced Message Queuing Protocol (AMQP) TC'
  1. OASIS Advanced Message Queuing Protocol (AMQP) TC
  2. AMQP-109

Scope (connection/session) of CBS token



    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: cbs-WD03
    • Fix Version/s: None
    • Component/s: Claims Based Security
    • Labels:


      I'm not sure that it is made explicit anywhere in the text as to the scope of $cbs - that is, are tokens sent to $cbs valid for the current connection, or only for operations on the session to which the link to $cbs was created.

      I think the intent is that the scope is for the entire connection (and clearly for the SASL mechanism the scope MUST be the entire connection since at the time of the SASL exchange there is no notion of sessions).

      One use case for AMQP sessions that has been discussed the past is that of a "connection concentrator" whereby an AMQP intermediary would take incoming connections and proxy those onto a single connection to a remote server using distinct sessions for each of the sessions on each of the "incoming" connections. To support such a use case it might be nice to add an option "session-scoped" to the put-token operation to specify that the token is only valid for the current session. This option would be optional and default to false.




            • Assignee:
              clemensv Clemens Vasters
              robgodfrey Rob Godfrey
            • Watchers:
              3 Start watching this issue


              • Created: