ws-rx message
Subject: RE: [ws-rx] proposal for i122, i123, and i124
- From: "Raepple, Martin" <martin.raepple@sap.com>
- To: <chrisfer@us.ibm.com>, <ws-rx@lists.oasis-open.org>
- Date: Thu, 8 Jun 2006 19:15:11 +0200
A few comments / questions on the proposal:
- The usage of transport layer security protocols to secure a sequence is not mentioned in the proposal at all. Is that intentional? Since it refers to WS-SecurityPolicy (WS-SP), there are certainly ways to support this scenario, even without the requirement to use any of the additional elements introduced by this proposal (one might even recommend to mutually exclude the use of the <wsrmp:SequenceSTR> in conjunction with the <sp:TransportBinding> assertion in RM?) Shouldn't this be included in the proposal as well?
- The STR (and its RM policy assertion) does not provide any information about the actual token type and the security protocol used (e.g. a Security Context Token in the case of WS-SC). Again, I assume that the intention is to use WS-SP for this purpose. But shouldn't the proposal/spec be more precise on that? What would the actual policy composition of the (new) RM Security- and SP-Assertions look like? What SP-Assertions can be nested as child elements of the <SequenceSTR> to further qualify the behavior and compatibility semantics of that new assertion?
- The above question leads to another issue: The <wsrm:UsesSequenceSTR> SOAP header does not include sufficient information to actually ensure interoperability between an RMS and RMD. Even if the RMD understands and implements the STR, it might not be able to process the actual token referenced by the STR inside the CreateSequence element. As an example, the RMS could use a Security Context Token with a derived key but the RMD does not support the particular key derivation algorithm. Given that, doesn't that mean that the RMD must also take the (token qualifying) SP assertions into consideration when deciding whether or not to return a soap:MustUnderstand fault?
-- Martin
Martin Raepple
Platform Ecosystem Industry Standards
SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf, Germany
T +49/6227/7-60365
F +49/6227/78-44724
mailto: martin.raepple@sap.com
http://www.sap.com
All,
IBM and Microsoft would like to submit the following proposal for issues i122, i123 and i124 that defines the mechanism that MAY be used to secure an RM Sequence, the means by which the RMS can be assured that the RMD will correctly process the extension, and the means by which the RMD can advertise support for the extension.
Cheers,
Christopher Ferris
STSM, Software Group Standards Strategy
email: chrisfer@us.ibm.com
blog: http://www.ibm.com/developerworks/blogs/dw_blog.jspa?blog=440
phone: +1 508 377 9295