Link recovery tokens

XMLWordPrintable

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Major
    • None
    • Affects Version/s: None
    • Component/s: Security
    • None
    • Hide

      The resolution proposal is to add a link recovery token addendum to AMQP 1.0. A link recovery token is issued by each link partner and sent as a property on its initial ATTACH frame. The token is subsequently passed by the opposing partner with the recovery ATTACH frame to authenticate the prior link partnership. The recovery ATTACH frame itself may carry a new recovery token.

      Show
      The resolution proposal is to add a link recovery token addendum to AMQP 1.0. A link recovery token is issued by each link partner and sent as a property on its initial ATTACH frame. The token is subsequently passed by the opposing partner with the recovery ATTACH frame to authenticate the prior link partnership. The recovery ATTACH frame itself may carry a new recovery token.

      The recovery of links from broken connections/sessions may require proof that the client is authorized to perform that recovery. In this scenario, the client may be a failover instance of a prior client instance. What shall be prevented is that some other party that has access to the broker and that can guess the respective link names, can "steal" such recovery-pending links from another party that has just lost its connection to the broker.

            Assignee:
            Unassigned
            Reporter:
            clemensv
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: