Posted to commits@activemq.apache.org by cm...@apache.org on 2010/01/12 05:23:34 UTC
svn commit: r898181 [2/5] - in
/activemq/sandbox/activemq-apollo-actor/activemq-amqp-generator: ./
specification/ specification/1.0-PR2/ src/ src/main/ src/main/java/
src/main/java/org/ src/main/java/org/apache/
src/main/java/org/apache/activemq/ src/m...
Added: activemq/sandbox/activemq-apollo-actor/activemq-amqp-generator/specification/1.0-PR2/security.xml
URL: http://svn.apache.org/viewvc/activemq/sandbox/activemq-apollo-actor/activemq-amqp-generator/specification/1.0-PR2/security.xml?rev=898181&view=auto
==============================================================================
--- activemq/sandbox/activemq-apollo-actor/activemq-amqp-generator/specification/1.0-PR2/security.xml (added)
+++ activemq/sandbox/activemq-apollo-actor/activemq-amqp-generator/specification/1.0-PR2/security.xml Tue Jan 12 04:23:30 2010
@@ -0,0 +1,460 @@
+<?xml version="1.0"?>
+
+<!--
+ Copyright Notice
+ ================
+ (c) Copyright Cisco Systems, Credit Suisse, Deutsche Borse Systems, Envoy Technologies, Inc.,
+ Goldman Sachs, IONA Technologies PLC, iMatix Corporation sprl.,JPMorgan Chase Bank Inc. N.A,
+ Novell, Rabbit Technologies Ltd., Red Hat, Inc., TWIST Process Innovations ltd, and 29West Inc.
+ 2006, 2007. All rights reserved.
+
+ License
+ =======
+
+ Cisco Systems, Credit Suisse, Deutsche Borse Systems, Envoy Technologies, Inc.,Goldman Sachs,
+ IONA Technologies PLC, iMatix Corporation sprl.,JPMorgan Chase Bank Inc. N.A, Novell, Rabbit
+ Technologies Ltd., Red Hat, Inc., TWIST Process Innovations ltd, and 29West Inc. (collectively,
+ the "Authors") each hereby grants to you a worldwide, perpetual, royalty-free, nontransferable,
+ nonexclusive license to (i) copy, display, distribute and implement the Advanced Messaging Queue
+ Protocol ("AMQP") Specification and (ii) the Licensed Claims that are held by the Authors, all for
+ the purpose of implementing the Advanced Messaging Queue Protocol Specification. Your license and
+ any rights under this Agreement will terminate immediately without notice from any Author if you
+ bring any claim, suit, demand, or action related to the Advanced Messaging Queue Protocol
+ Specification against any Author. Upon termination, you shall destroy all copies of the Advanced
+ Messaging Queue Protocol Specification in your possession or control.
+
+ As used hereunder, "Licensed Claims" means those claims of a patent or patent application,
+ throughout the world, excluding design patents and design registrations, owned or controlled, or
+ that can be sublicensed without fee and in compliance with the requirements of this Agreement, by
+ an Author or its affiliates now or at any future time and which would necessarily be infringed by
+ implementation of the Advanced Messaging Queue Protocol Specification. A claim is necessarily
+ infringed hereunder only when it is not possible to avoid infringing it because there is no
+ plausible non-infringing alternative for implementing the required portions of the Advanced
+ Messaging Queue Protocol Specification. Notwithstanding the foregoing, Licensed Claims shall not
+ include any claims other than as set forth above even if contained in the same patent as Licensed
+ Claims; or that read solely on any implementations of any portion of the Advanced Messaging Queue
+ Protocol Specification that are not required by the Advanced Messaging Queue Protocol
+ Specification, or that, if licensed, would require a payment of royalties by the licensor to
+ unaffiliated third parties. Moreover, Licensed Claims shall not include (i) any enabling
+ technologies that may be necessary to make or use any Licensed Product but are not themselves
+ expressly set forth in the Advanced Messaging Queue Protocol Specification (e.g., semiconductor
+ manufacturing technology, compiler technology, object oriented technology, networking technology,
+ operating system technology, and the like); or (ii) the implementation of other published
+ standards developed elsewhere and merely referred to in the body of the Advanced Messaging Queue
+ Protocol Specification, or (iii) any Licensed Product and any combinations thereof the purpose or
+ function of which is not required for compliance with the Advanced Messaging Queue Protocol
+ Specification. For purposes of this definition, the Advanced Messaging Queue Protocol
+ Specification shall be deemed to include both architectural and interconnection requirements
+ essential for interoperability and may also include supporting source code artifacts where such
+ architectural, interconnection requirements and source code artifacts are expressly identified as
+ being required or documentation to achieve compliance with the Advanced Messaging Queue Protocol
+ Specification.
+
+ As used hereunder, "Licensed Products" means only those specific portions of products (hardware,
+ software or combinations thereof) that implement and are compliant with all relevant portions of
+ the Advanced Messaging Queue Protocol Specification.
+
+ The following disclaimers, which you hereby also acknowledge as to any use you may make of the
+ Advanced Messaging Queue Protocol Specification:
+
+ THE ADVANCED MESSAGING QUEUE PROTOCOL SPECIFICATION IS PROVIDED "AS IS," AND THE AUTHORS MAKE NO
+ REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS
+ OF THE ADVANCED MESSAGING QUEUE PROTOCOL SPECIFICATION ARE SUITABLE FOR ANY PURPOSE; NOR THAT THE
+ IMPLEMENTATION OF THE ADVANCED MESSAGING QUEUE PROTOCOL SPECIFICATION WILL NOT INFRINGE ANY THIRD
+ PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+
+ THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL
+ DAMAGES ARISING OUT OF OR RELATING TO ANY USE, IMPLEMENTATION OR DISTRIBUTION OF THE ADVANCED
+ MESSAGING QUEUE PROTOCOL SPECIFICATION.
+
+ The name and trademarks of the Authors may NOT be used in any manner, including advertising or
+ publicity pertaining to the Advanced Messaging Queue Protocol Specification or its contents
+ without specific, written prior permission. Title to copyright in the Advanced Messaging Queue
+ Protocol Specification will at all times remain with the Authors.
+
+ No other rights are granted by implication, estoppel or otherwise.
+
+ Upon termination of your license or rights under this Agreement, you shall destroy all copies of
+ the Advanced Messaging Queue Protocol Specification in your possession or control.
+
+ Trademarks
+ ==========
+ "JPMorgan", "JPMorgan Chase", "Chase", the JPMorgan Chase logo and the Octagon Symbol are
+ trademarks of JPMorgan Chase & Co.
+
+ IMATIX and the iMatix logo are trademarks of iMatix Corporation sprl.
+
+ IONA, IONA Technologies, and the IONA logos are trademarks of IONA Technologies PLC and/or its
+ subsidiaries.
+
+ LINUX is a trademark of Linus Torvalds. RED HAT and JBOSS are registered trademarks of Red Hat,
+ Inc. in the US and other countries.
+
+ Java, all Java-based trademarks and OpenOffice.org are trademarks of Sun Microsystems, Inc. in the
+ United States, other countries, or both.
+
+ Other company, product, or service names may be trademarks or service marks of others.
+
+ Links to full AMQP specification:
+ i================================
+ http://www.envoytech.org/spec/amq/
+ http://www.iona.com/opensource/amqp/
+ http://www.redhat.com/solutions/specifications/amqp/
+ http://www.twiststandards.org/tiki-index.php?page=AMQ
+ http://www.imatix.com/amqp
+-->
+
+<!DOCTYPE amqp SYSTEM "amqp.dtd">
+
+<amqp xmlns="http://www.amqp.org/schema/amqp.xsd"
+ name="security" label="working version">
+
+ <section name="security-layers" title="Security Layers" label="Security Layers">
+ <doc>
+ <p>
+ Security Layers are used to establish an authenticated and/or encrypted transport over which
+ regular AMQP traffic can be tunneled. Security Layers may be tunneled over one another (for
+ instance a Security Layer used by the peers to do authentication may be tunneled over a
+ Security Layer established for encryption purposes).
+ </p>
+
+ <p>
+ The framing and protocol definitions for security layers are expected to be defined
+ externally to the AMQP specification as in the case of TLS. An exception to this is the SASL
+ security layer which depends on its host protocol to provide framing. Because of this we
+ define the controls necessary for SASL to function in the <xref name="sasl"/> section below.
+ When a security layer terminates (either before or after a secure tunnel is established),
+ the TCP Connection MUST be closed by first shutting down the outgoing stream and then
+ reading the incoming stream until it is terminated.
+ </p>
+ </doc>
+ </section>
+
+ <section name="tls" title="TLS" label="TLS Security Layer">
+ <doc>
+ <p>
+ To establish a TLS tunnel, each peer MUST start by sending a protocol header. The protocol
+ header consists of the upper case ASCII letters "AMQP" followed by a protocol id of one,
+ followed by three unsigned bytes representing the major, minor, and revision of the
+ specification version (currently <xref name="MAJOR"/>, <xref name="MINOR"/>,
+ <xref name="REVISION"/>). In total this is an 8-octet sequence:
+ </p>
+
+ <picture><![CDATA[
+ 4 OCTETS 1 OCTET 1 OCTET 1 OCTET 1 OCTET
++----------+---------+---------+---------+----------+
+| "AMQP" | %d1 | major | minor | revision |
++----------+---------+---------+---------+----------+
+]]>
+ </picture>
+
+ <p>
+ Other than using a protocol id of one, the exchange of TLS tunnel headers follows the same
+ rules specified in the version negotiation section of the transport specification (See
+ <xref name="version-negotiation"/>).
+ </p>
+ </doc>
+
+ <doc>
+ <p>
+ The following diagram illustrates the interaction involved in creating a TLS Security Layer:
+ </p>
+ <picture><![CDATA[
+TCP Client TCP Server
+=========================================
+AMQP%d1.1.0.0 --------->
+ <--------- AMQP%d1.1.0.0
+ :
+ :
+ <TLS negotiation>
+ :
+ :
+AMQP%d0.1.0.0 ---------> (over TLS secured connection)
+ <--------- AMQP%d0.1.0.0
+ open --------->
+ <--------- open
+]]>
+ </picture>
+
+ <p>
+ When the use of the TLS Security Layer is negotiated, the following rules apply:
+ </p>
+
+ <ul>
+ <li>
+ <p>
+ The TLS client peer and TLS server peer are determined by the TCP client peer and TCP
+ server peer respectively.
+ </p>
+ </li>
+
+ <li>
+ <p>
+ The TLS client peer SHOULD use the server name indication extension as described in
+ RFC-4366.
+ </p>
+ </li>
+
+ <li>
+ <p>
+ The TLS client MUST validate the certificate presented by the TLS server.
+ </p>
+ </li>
+ </ul>
+ </doc>
+ </section>
+
+ <!-- == Section: sasl ======================================================================== -->
+
+ <section name="sasl" title="SASL" label="SASL Security Layer">
+ <doc>
+ <p>
+ To establish a SASL tunnel, each peer MUST start by sending a protocol header. The protocol
+ header consists of the upper case ASCII letters "AMQP" followed by a protocol id of two,
+ followed by three unsigned bytes representing the major, minor, and revision of the
+ specification version (currently <xref name="MAJOR"/>, <xref name="MINOR"/>,
+ <xref name="REVISION"/>). In total this is an 8-octet sequence:
+ </p>
+
+ <picture><![CDATA[
+ 4 OCTETS 1 OCTET 1 OCTET 1 OCTET 1 OCTET
++----------+---------+---------+---------+----------+
+| "AMQP" | %d2 | major | minor | revision |
++----------+---------+---------+---------+----------+
+]]>
+ </picture>
+
+ <p>
+ Other than using a protocol id of two, the exchange of SASL tunnel headers follows the same
+ rules specified in the version negotiation section of the transport specification (See
+ <xref name="version-negotiation"/>).
+ </p>
+
+ <p>
+ The following diagram illustrates the interaction involved in creating a SASL Security
+ Layer:
+ </p>
+
+ <picture><![CDATA[
+TCP Client TCP Server
+=========================================
+AMQP%d2.1.0.0 --------->
+ <--------- AMQP%d2.1.0.0
+ :
+ :
+ <SASL negotiation>
+ :
+ :
+AMQP%d0.1.0.0 ---------> (over SASL secured connection)
+ <--------- AMQP%d0.1.0.0
+ open --------->
+ <--------- open
+]]>
+ </picture>
+ </doc>
+
+ <doc title="SASL Negotiation">
+ <p>
+ The peer acting as the SASL Server must announce supported authentication mechanisms using
+ the <xref name="sasl-mechanisms"/> control. The partner must then choose one of the
+ supported mechanisms and initiate a sasl exchange.
+ </p>
+
+ <picture title="SASL Exchange"><![CDATA[
+SASL Client SASL Server
+================================
+ <-- SASL-MECHANISMS
+SASL-INIT -->
+ ...
+ <-- SASL-CHALLENGE *
+SASL-RESPONSE -->
+ ...
+ <-- SASL-OUTCOME
+--------------------------------
+ * Note that the SASL
+ challenge/response step may
+ occur zero or more times
+ depending on the details of
+ the SASL mechanism chosen.
+]]>
+ </picture>
+
+ <p>
+ The peer playing the role of the SASL Client and the peer playing the role of the SASL
+ server MUST correspond to the TCP client and server respectively.
+ </p>
+ </doc>
+
+ <doc title="Security Controls"/>
+
+ <!-- - Control: sasl-mechanisms - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+
+ <type class="compound" name="sasl-mechanisms" label="advertise available sasl mechanisms">
+ <doc>
+ <p>
+ Advertises the available SASL mechanisms that may be used for authentication.
+ </p>
+ </doc>
+
+ <descriptor name="amqp:sasl-mechanisms:list" code="0x00000001:0x00000701"/>
+
+ <field name="options" type="map" label="options map"/>
+
+ <field name="sasl-server-mechanisms" type="string" multiple="true"
+ label="supported sasl mechanisms">
+ <doc>
+ <p>
+ A list of the sasl security mechanisms supported by the sending peer. If the sending
+ peer does not require its partner to authenticate with it, this list may be empty or
+ absent. The server mechanisms are ordered in decreasing level of preference.
+ </p>
+ </doc>
+ </field>
+ </type>
+
+ <!-- - Control: sasl-init - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+
+ <type class="compound" name="sasl-init" label="initiate sasl exchange">
+ <doc>
+ <p>Selects the sasl mechanism and provides the initial response if needed.</p>
+ </doc>
+
+ <descriptor name="amqp:sasl-init:list" code="0x00000001:0x00000702"/>
+
+ <field name="options" type="map" label="options map"/>
+
+ <field name="mechanism" type="string" label="selected security mechanism" required="true">
+ <doc>
+ <p>
+ The name of the SASL mechanism used for the SASL exchange. If the selected mechanism is
+ not supported by the receiving peer, it MUST close the Connection with the
+ authentication-failure close-code. Each peer MUST authenticate using the highest-level
+ security profile it can handle from the list provided by the partner.
+ </p>
+ </doc>
+ </field>
+
+ <field name="initial-response" type="binary" label="security response data">
+ <doc>
+ <p>
+ A block of opaque data passed to the security mechanism. The contents of this data are
+ defined by the SASL security mechanism.
+ </p>
+ </doc>
+ </field>
+ </type>
+
+ <!-- - Control: sasl-challenge - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+
+ <type class="compound" name="sasl-challenge" label="security mechanism challenge">
+ <doc>
+ <p>Send the SASL challenge data as defined by the SASL specification.</p>
+ </doc>
+
+ <descriptor name="amqp:sasl-challenge:list" code="0x00000001:0x00000703"/>
+
+ <field name="options" type="map" label="options map"/>
+
+ <field name="challenge" type="binary" label="security challenge data" required="true">
+ <doc>
+ <p>
+ Challenge information, a block of opaque binary data passed to the security
+ mechanism.
+ </p>
+ </doc>
+ </field>
+ </type>
+
+ <!-- - Control: sasl-response - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+
+ <type class="compound" name="sasl-response" label="security mechanism response">
+ <doc>
+ <p>Send the SASL response data as defined by the SASL specification.</p>
+ </doc>
+
+ <descriptor name="amqp:sasl-response:list" code="0x00000001:0x00000704"/>
+
+ <field name="options" type="map" label="options map"/>
+
+ <field name="response" type="binary" label="security response data" required="true">
+ <doc>
+ <p>
+ A block of opaque data passed to the security mechanism. The contents of this data are
+ defined by the SASL security mechanism.
+ </p>
+ </doc>
+ </field>
+ </type>
+
+ <!-- - Control: sasl-outcome - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+
+ <type class="compound" name="sasl-outcome" label="indicates the outcome of the sasl dialog">
+ <doc>
+ <p>
+ This control indicates the outcome of the SASL dialog. Upon successful completion of the
+ SASL dialog the Security Layer has been established, and the peers must exchange protocol
+ headers to either start a nested Security Layer, or to establish the AMQP Connection.
+ </p>
+ </doc>
+
+ <descriptor name="amqp:sasl-outcome:list" code="0x00000001:0x00000705"/>
+
+ <field name="options" type="map" label="options map"/>
+
+ <field name="code" type="sasl-code" label="indicates the outcome of the sasl dialog">
+ <doc>
+ <p>A reply-code indicating the outcome of the SASL dialog.</p>
+ </doc>
+ </field>
+
+ <field name="additional-data" type="binary" label="additional data as specified in RFC-4422">
+ <doc>
+ <p>
+ The additional-data field carries additional data on successful authentication outcome
+ as specified by the SASL specification (RFC-4422). If the authentication is
+ unsuccessful, this field is not set.
+ </p>
+ </doc>
+ </field>
+ </type>
+
+ <type class="restricted" name="sasl-code" source="ubyte"
+ label="codes to indicate the outcome of the sasl dialog">
+ <choice name="ok" value="0">
+ <doc>
+ <p>Connection authentication succeeded.</p>
+ </doc>
+ </choice>
+ <choice name="auth" value="1">
+ <doc>
+ <p>
+ Connection authentication failed due to an unspecified problem with the supplied
+ credentials.
+ </p>
+ </doc>
+ </choice>
+ <choice name="sys" value="2">
+ <doc>
+ <p>Connection authentication failed due to a system error.</p>
+ </doc>
+ </choice>
+ <choice name="sys-perm" value="3">
+ <doc>
+ <p>
+ Connection authentication failed due to a system error that is unlikely to be corrected
+ without intervention.
+ </p>
+ </doc>
+ </choice>
+ <choice name="sys-temp" value="4">
+ <doc>
+ <p>
+ Connection authentication failed due to a transient system error.
+ </p>
+ </doc>
+ </choice>
+ </type>
+ </section>
+
+</amqp>
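Review bot: in the `sasl-init` type, the `mechanism` field doc says a peer receiving an unsupported mechanism "MUST close the Connection with the authentication-failure close-code", but this file defines no such close-code and at that point no AMQP Connection has been opened yet (the diagram shows `open` only after the SASL layer is up); the failure path the SASL section itself defines is `sasl-outcome` with a `sasl-code` of `auth`, so the doc should point at that instead, or cite where the close-code is specified. Two related consistency points in the same control types: `sasl-outcome`'s `code` field carries the whole result of the dialog yet is not marked `required="true"`, unlike `mechanism`, `challenge` and `response`; and `sasl-mechanisms` allows `sasl-server-mechanisms` to be "empty or absent" when the server does not require authentication, while `sasl-init` makes `mechanism` mandatory, leaving undefined what the client sends in that case. Minor: the "Links to full AMQP specification" heading in the license comment has a stray leading `i` on its underline.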