Issue 7311: Interplay of Contexts allowed in NegotiateSession messages too ill-defined (firewall-traversal-ftf)
Source:  (Ms. Rebecca Bergersen, becky(at)bergersen.org)
Nature: Uncategorized Issue
Severity: 
Summary: PROBLEM:
The BiDir GIOP document allows all of the contexts that can be found in a GIOP query or response message to be also allowed in a NegotiateSession message.  However, the interplay among these contexts is undefined.  An example is the use in NegotiateSession messages of both CodeSet negotiation and BiDir connection setup.  What can be used in what order is not defined.
 
RECOMMENDATION:
Only bi-directional GIOP and firewall contexts may be used in a NegotiateSession message in this version of GIOP.  The contexts are the following:
 
·        BI_DIR_GIOP_OFFER
·        BI_DIR_GIOP_CHALLENGE
·        BI_DIR_GIOP_RESPONSE
·        BI_DIR_GIOP_ACCEPT
·        FIREWALL_PATH
·        FIREWALL_PATH_RESP
 
Further contexts may be added to new versions of the BiDir GIOP spec as their interplay with the existing set and the order of their use is carefully analyzed and documented.  This effectively limits the scope of the problem to the bidir protocol and use by the firewall.  The order and stage of processing the above contexts is discussed in another Firewall issue.

Resolution: 
Revised Text: 
Actions taken:
May 6, 2004: received issue
Discussion: 

End of Annotations:=====
ubject: Firewall Issue: Interplay of Contexts allowed in NegotiateSession messages too ill-defined 
Date: Thu, 6 May 2004 16:57:15 -0400 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Firewall Issue: Interplay of Contexts allowed in NegotiateSession messages too ill-defined 
Thread-Index: AcQzrMz+Mg5Es76PSr6ijOTCfb9DtA== 
From: "Bergersen, Rebecca" <Rebecca.Bergersen@iona.com> 
To: <issues@omg.org>, <firewall-traversal-ftf@omg.org> 
Cc: "Bergersen, Rebecca" <Rebecca.Bergersen@iona.com> 


PROBLEM:
The BiDir GIOP document allows all of the contexts that can be found in a GIOP query or response message to be also allowed in a NegotiateSession message.  However, the interplay among these contexts is undefined.  An example is the use in NegotiateSession messages of both CodeSet negotiation and BiDir connection setup.  What can be used in what order is not defined.
 
RECOMMENDATION:
Only bi-directional GIOP and firewall contexts may be used in a NegotiateSession message in this version of GIOP.  The contexts are the following:
 
·        BI_DIR_GIOP_OFFER
·        BI_DIR_GIOP_CHALLENGE
·        BI_DIR_GIOP_RESPONSE
·        BI_DIR_GIOP_ACCEPT
·        FIREWALL_PATH
·        FIREWALL_PATH_RESP
 
Further contexts may be added to new versions of the BiDir GIOP spec as their interplay with the existing set and the order of their use is carefully analyzed and documented.  This effectively limits the scope of the problem to the bidir protocol and use by the firewall.  The order and stage of processing the above contexts is discussed in another Firewall issue.
 
Respectfully,
Rebecca Bergersen
PRINCIPAL ARCHITECT, MIDDLEWARE STANDARDS
rebecca.bergersen@iona.com
-------------------------------------------------------
IONA Technologies
200 West Street Waltham, MA 02451 USA
Tel: (781) 902-8265
Fax: (781) 902-8001
-------------------------------------------------------
Making Software Work Together TM