On 9/10/07, Assaf Arkin <[EMAIL PROTECTED]> wrote:
>
> > Similar to correlation on a receive, assertions effectively guard the
> > activity from executing until all the necessary conditions have been
> > met.
> >
>
> So basically:
> 1. Receive with some principal, store in foo.
> 2. Don't check.
> 3. Invoke using foo, making assertion.
> 3.1. Get response, or
> 3.2. Crash

Sorry, I misunderstood what you were asking. I was talking about checking security assertions on <bpel:receive>. For <bpel:invoke>, the extension would allow you to specify which credentials (roles) you want to have propagated. The recipient is responsible for checking your assertions.

What does this do?
>
> sudo ssh myserver.com
>
> Per RBAC concept I'm executing on remote shell as sudo assaf, same
> activation.
>
> Per my SSH stack, I'm executing on remote shell as uncontrolled root.
>

Actually none of my servers allow me to sudo ssh into them. Actually, you can configure ssh (the client) to forward credentials for you, and you can use ssh-agent to create a security context that automatically forwards credentials that you explicitly define (ssh-add). Same principles, different implementation.

alex
