ws-rx message



Subject: RE: [ws-rx] proposal for i122, i123, and i124


A few comments / questions on the proposal:
 
- The usage of transport layer security protocols to secure a sequence is not mentioned in the proposal at all. Is that intentional? Since it refers to WS-SecurityPolicy (WS-SP), there are certainly ways to support this scenario, even without the requirement to use any of the additional elements introduced by this proposal (one might even recommend to mutually exclude the use of the <wsrmp:SequenceSTR> in conjunction with the <sp:TransportBinding> assertion in RM?) Shouldn't this be included in the proposal as well?
 
- The STR (and its RM policy assertion) does not provide any information about the actual token type and the security protocol used (e.g. a Security Context Token in the case of WS-SC). Again, I assume that the intention is to use WS-SP for this purpose. But shouldn't the proposal/spec be more precise on that? What would the actual policy composition of the (new) RM Security- and SP-Assertions look like? What SP-Assertions can be nested as child elements of the <SequenceSTR> to further qualify the behavior and compatibility semantics of that new assertion?
 
- The above question leads to another issue: The <wsrm:UsesSequenceSTR> SOAP header does not include sufficient information to actually ensure interoperability between an RMS and RMD. Even if the RMD understands and implements the STR, it might not be able to process the actual token referenced by the STR inside the CreateSequence element. As an example, the RMS could use a Security Context Token with a derived key but the RMD does not support the particular key derivation algorithm. Given that, doesn't that mean that the RMD must also take the (token qualifying) SP assertions into consideration when deciding whether or not to return a soap:MustUnderstand fault?
 
-- Martin
 
Martin Raepple
Platform Ecosystem Industry Standards
SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf, Germany
T  +49/6227/7-60365
F  +49/6227/78-44724
mailto: martin.raepple@sap.com
http://www.sap.com


From: Christopher B Ferris [mailto:chrisfer@us.ibm.com]
Sent: Thursday, 8 June 2006 13:28
To: ws-rx@lists.oasis-open.org
Subject: [ws-rx] proposal for i122, i123, and i124


All,

IBM and Microsoft would like to submit the following proposal for issues i122, i123 and i124 that defines
the mechanism that MAY be used to secure an RM Sequence, the means by which the RMS can be assured
that the RMD will correctly process the extension, and the means by which the RMD can advertise support for the
extension.



Cheers,

Christopher Ferris
STSM, Software Group Standards Strategy
email: chrisfer@us.ibm.com
blog: http://www.ibm.com/developerworks/blogs/dw_blog.jspa?blog=440
phone: +1 508 377 9295

