Issue 3572: SecurityContext::process_context_token (sec-rev) Source: (, ) Nature: Revision Severity: Significant Summary: The GSS-API calls for a process_context_token function to process context tokens. There is no such operation on the SecurityContext interface. Resolution: Apply revisions and close issue. Revised Text: Remove portion of "Figure 15-55 Security Context State Transition Diagram" that applies to refresh. Remove paragraph 870 "supports_refresh" Remove paragraph 881 "refresh_security_context" Remove Paragraph 882 "process_refresh_token" Remove "supports_refresh", "refresh_security_context", and and "process_refresh_token" from Appendix A.7 Actions taken: April 19, 2000: received issue August 3, 2001: closed issue Discussion: There is a process_refresh_token that was added in one of the last RTF's. I believe this should be changed to process_context_token.There is a process_refresh_token that was added in one of the last RTF’s. I believe this should be changed to process_context_token. ---- Since the GSS-API does not support dynamic context refresh, and SECIOP has eliminated that capability, the refresh_security_context and process_refresh_token operations must be removed. A context token in the GSS-API is only delivered as a result of the server processing the security context establishment via Accept_sec_context, and producing a token that the client must process. In the GSS-API the operation of Process_context_token is provided for this purpose because the client cannot call GSS-API Init_sec_context operation because the state has already transistioned to GSS_S_COMPLETE. However, in SECIOP a CompleteEstablishment message MUST always be returned by the server, and therefore context token will be contained in the final_context_token field. A SecurityReplaceable security context processes this token with complete_security_context. If the security context is discarded the operation will return a failure status. End of Annotations:===== X-Authentication-Warning: marcy.adiron.com: polar owned process doing -bs Date: Wed, 19 Apr 2000 17:28:13 -0400 (EDT) From: Polar Humenn To: issues@omg.org cc: secrev@omg.org Subject: SecurityContext::process_context_token Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-UIDL: &MU!!eX&e9j'_d9ELH!! Issue ####: SecurityContext::process_context_token Source: Adiron ( Polar Humenn polar@adiron.com ) Nature: Revision Severity: Significant Summary: The GSS-API calls for a process_context_token function to process context tokens. There is no such operation on the SecurityContext interface. Resolution: Revised Text: Actions Taken: April 19, 2000: received issue Discussion: There is a process_refresh_token that was added in one of the last RTF's. I believe this should be changed to process_context_token. ------------------------------------------------------------------- Polar Humenn Adiron, LLC mailto:polar@adiron.com 2-212 CST Phone: 315-443-3171 Syracuse, NY 13244-4100 Fax: 315-443-4745 http://www.adiron.com