[Css-csts] Action A#05-0206

Thu May 18 08:08:41 EDT 2006

Dear All,

In response to action A#05-0206, I have compared the Authentication Procedure with the SLE API specification and have found the following differences. Section numbers preceded by 'AP' refer to the document describing the authentication procedure, issue 1.0 of December 2005. Section numbers preceded by 'API' refer to the API core specification (CCSDS Book).

[C1] Notes after AP-4.1.2.3, AP-4.1.4.1.2, AP-4.1.4.2.2 b)

For the BIND operation, the API aborts the connection. The API Specification says in API-3.2.6.3.2

"3.2.6.3.2	The action to "ignore a PDU" shall be implemented according to the following specifications:
3.2.6.3.2.1	As a rule, the proxy shall not take any action that could be observed via the network.  In addition, it shall not modify the state of the association or of any operation object waiting for a return PDU, such that a subsequent "legal" return will succeed.
3.2.6.3.2.2	In order to prevent permanent blocking of resources, a proxy implementation may abort the underlying data communication connection and set the state of the association to "unbound" when authentication fails for a BIND invocation, BIND return, or UNBIND invocation.  If this option is selected, the abort procedure shall restrict the information that is made available to the peer system to the minimum possible.  For a BIND return and an UNBIND invocation, the proxy shall inform its local client using a PEER ABORT operation object with the diagnostic 'other reason'."

[C2] AP-4.1.3.3 

The responder identifier is not copied from the "service instance structure", (i.e. the SI parameters provided to the API) but set to the identifier of the local application in the API configuration file. This is certainly a subtle difference but the API specification implies that the responder identifier should always be the same for given provider, whereas the specification in the AP would allow using a different ID per service instance.

[C3] AP-4.1.4.2 

The API does not contain specific specifications of how to handle a BIND return with the diagnostic 'access denied' and in particular does not require that authentication be skipped.  The procedure seems to make sense, however.

In any case, when the BIND is rejected, there is not much that can be done other than reporting the problem to the local application. In particular it is not possible to invoke PEER-ABORT as specified in the Association Control procedure.

Kind Regards,
Martin Götzelmann

VEGA Informations-Technologien GmbH
Robert-Bosch-Straße 7
D-64293 Darmstadt
Germany

Tel	: +49 6151 8257-147
Fax	: +49 6151 8257-171
Email	: Martin.Goetzelmann at vega.de
Web	: www.vega-group.de

Notice of Confidentiality

This transmission is intended for the named addressee only. It contains information which may be confidential and which may also be privileged.  Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else.  If you have received this transmission in error please notify the sender immediately.