
ws-rx message



Subject: Issues 121 - 124 RM + SP Assertions


All,

 

I’ve attached three examples of combining the RM assertion, including the proposed SequenceSTR assertion, with SP.

·         RMSC.xml – This shows the RM and SequenceSTR assertions with the SP assertions indicating that SecureConversation is to be used.

·         RMX509.xml - This shows the RM and SequenceSTR assertions with the SP assertions indicating that X.509 is to be used.

·         RMHttps.xml  - This shows the RM assertion with the SP assertion indicating HTTPS is to be used. Note there is no SequenceSTR assertion in this example as the STR would not be used. Also I included in the comments here an alternate HTTPS binding showing additional options that are currently being considered in the SX TC. I believe this supports Gil’s current proposal for issue 121.

 

Regards,

Marc g

 

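<?xml version="1.0" encoding="utf-8" ?>
<!--
  RM over HTTPS: the RM assertion combined with a WS-SecurityPolicy
  TransportBinding. No SequenceSTR assertion is present, so protection of the
  reliable-messaging sequence rests on the HTTPS connection alone.
  The stray ";" that followed each quoted namespace URI in the archived copy
  has been removed; with it the document is not well-formed XML.
-->
<wsp:Policy
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200602"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
  <wsp:ExactlyOne>
    <wsp:All>
      <wsrmp:RMAssertion/>
      <sp:TransportBinding>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <!--
                RequireClientCertificate="false": the client is not asked for a
                TLS certificate, so the transport authenticates the server only.
                NOTE(review): nothing else in this policy identifies the client.
                Confirm that client authentication is supplied elsewhere (for
                example by one of the pending options below) wherever a sequence
                must be tied to the party that created it.
              -->
              <sp:HttpsToken RequireClientCertificate="false"/>
              <!-- Pending outcome of WS-SX issue 75-->
              <!--<sp:HttpsToken>
                <wsp:Policy>
                  --><!-- either --><!--
                  <sp:requireClientCertificate/>
                  --><!-- or --><!--
                  <sp:HttpBasicAuthentication />
                  --><!-- or --><!--
                  <sp:HttpDigestAuthentication />
                </wsp:Policy>
              </sp:HttpsToken>-->
            </wsp:Policy>
          </sp:TransportToken>
          <!--
            NOTE(review): the TLS cipher suite is negotiated by the transport
            configuration; confirm what this assertion is expected to govern
            under a transport binding and restrict the TLS configuration
            separately.
          -->
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
        </wsp:Policy>
      </sp:TransportBinding>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>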
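<?xml version="1.0" encoding="utf-8" ?>
<!--
  RM with SecureConversation: the RM assertion and the proposed SequenceSTR
  assertion combined with a SymmetricBinding whose protection token is a
  SecureConversationToken. The nested BootstrapPolicy states how the security
  context is established (X.509 based); the outer binding states how messages
  are protected once the context exists.
  The stray ";" that followed each quoted URI in the archived copy has been
  removed; with it the document is not well-formed XML.
-->
<wsp:Policy
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200602"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
  <wsp:ExactlyOne>
    <wsp:All>
      <wsrmp:RMAssertion/>
      <!-- Proposed assertion (issues 121 to 124); presumably binds the RM
           sequence to a security token referenced through an STR. Confirm
           against the final WS-RM Policy text. -->
      <wsrmp:SequenceSTR/>
      <sp:SymmetricBinding>
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireDerivedKeys />
                  <sp:BootstrapPolicy>
                    <wsp:Policy>
                      <!-- Bootstrap exchange: body and the listed WS-Addressing
                           headers are signed; the body is also encrypted. -->
                      <sp:SignedParts>
                        <sp:Body />
                        <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
                        <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
                        <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
                        <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
                        <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
                        <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
                        <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
                      </sp:SignedParts>
                      <sp:EncryptedParts>
                        <sp:Body />
                      </sp:EncryptedParts>
                      <sp:SymmetricBinding>
                        <wsp:Policy>
                          <sp:ProtectionToken>
                            <wsp:Policy>
                              <!-- IncludeToken/Never with a thumbprint reference:
                                   the certificate is referenced by thumbprint
                                   and not carried in the message. -->
                              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Never">
                                <wsp:Policy>
                                  <sp:RequireDerivedKeys />
                                  <sp:RequireThumbprintReference />
                                  <sp:WssX509V3Token10 />
                                </wsp:Policy>
                              </sp:X509Token>
                            </wsp:Policy>
                          </sp:ProtectionToken>
                          <!--
                            Basic128Rsa15 selects RSA PKCS#1 v1.5 for asymmetric
                            key wrap. v1.5 key transport is exposed to
                            padding-oracle attacks when a recipient's failure
                            behaviour is distinguishable; sp:Basic128 is the
                            corresponding suite with RSA-OAEP key wrap.
                            NOTE(review): confirm Rsa15 is an interoperability
                            requirement before copying this suite.
                          -->
                          <sp:AlgorithmSuite>
                            <wsp:Policy>
                              <sp:Basic128Rsa15 />
                            </wsp:Policy>
                          </sp:AlgorithmSuite>
                          <sp:Layout>
                            <wsp:Policy>
                              <sp:Strict />
                            </wsp:Policy>
                          </sp:Layout>
                          <sp:IncludeTimestamp />
                          <sp:EncryptSignature />
                          <sp:OnlySignEntireHeadersAndBody />
                        </wsp:Policy>
                      </sp:SymmetricBinding>
                      <!-- The initiator's X.509 certificate is sent to the
                           recipient as an endorsing token during bootstrap. -->
                      <sp:EndorsingSupportingTokens>
                        <wsp:Policy>
                          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                              <sp:RequireThumbprintReference />
                              <sp:WssX509V3Token10 />
                            </wsp:Policy>
                          </sp:X509Token>
                        </wsp:Policy>
                      </sp:EndorsingSupportingTokens>
                      <sp:Wss11>
                        <wsp:Policy>
                          <sp:MustSupportRefKeyIdentifier />
                          <sp:MustSupportRefIssuerSerial />
                          <sp:MustSupportRefThumbprint />
                          <sp:MustSupportRefEncryptedKey />
                          <sp:RequireSignatureConfirmation />
                        </wsp:Policy>
                      </sp:Wss11>
                    </wsp:Policy>
                  </sp:BootstrapPolicy>
                </wsp:Policy>
              </sp:SecureConversationToken>
            </wsp:Policy>
          </sp:ProtectionToken>
          <!-- Same suite as the bootstrap binding; see the caveat on RSA v1.5
               key wrap there. -->
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128Rsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:EncryptSignature />
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:SymmetricBinding>
      <!--
        NOTE(review): no SignedParts or EncryptedParts assertion appears at
        this level, only inside the BootstrapPolicy, so this document does not
        state which parts of application and RM protocol messages must be
        signed. Presumably that is attached elsewhere; confirm.
        Unlike the bootstrap Wss11 assertion, the one below does not include
        RequireSignatureConfirmation.
      -->
      <sp:Wss11>
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier />
          <sp:MustSupportRefIssuerSerial />
          <sp:MustSupportRefThumbprint />
          <sp:MustSupportRefEncryptedKey />
        </wsp:Policy>
      </sp:Wss11>
      <!-- Both parties contribute entropy to the issued key material. -->
      <sp:Trust10>
        <wsp:Policy>
          <sp:MustSupportIssuedTokens />
          <sp:RequireClientEntropy />
          <sp:RequireServerEntropy />
        </wsp:Policy>
      </sp:Trust10>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>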
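<?xml version="1.0" encoding="utf-8" ?>
<!--
  RM with X.509: the RM assertion and the proposed SequenceSTR assertion
  combined with a SymmetricBinding protected by an X.509 token, plus an
  endorsing X.509 token for the initiator.
  The stray ";" that followed each quoted URI in the archived copy has been
  removed (with it the document is not well-formed XML), and the tab-indented
  EndorsingSupportingTokens section has been re-indented with spaces.
-->
<wsp:Policy
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200602"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
  <wsp:ExactlyOne>
    <wsp:All>
      <wsrmp:RMAssertion/>
      <!-- Proposed assertion (issues 121 to 124); presumably binds the RM
           sequence to a security token referenced through an STR. Confirm
           against the final WS-RM Policy text. -->
      <wsrmp:SequenceSTR/>
      <sp:SymmetricBinding>
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <!-- IncludeToken/Never with a thumbprint reference: the
                   certificate is referenced by thumbprint and not carried in
                   the message. -->
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireDerivedKeys />
                  <sp:RequireThumbprintReference />
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:ProtectionToken>
          <!--
            Basic128Rsa15 selects RSA PKCS#1 v1.5 for asymmetric key wrap.
            v1.5 key transport is exposed to padding-oracle attacks when a
            recipient's failure behaviour is distinguishable; sp:Basic128 is
            the corresponding suite with RSA-OAEP key wrap.
            NOTE(review): confirm Rsa15 is an interoperability requirement
            before copying this suite.
          -->
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128Rsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:EncryptSignature />
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:SymmetricBinding>
      <!--
        The initiator's X.509 certificate is sent to the recipient as an
        endorsing token.
        NOTE(review): this document carries no SignedParts or EncryptedParts
        assertion, so it does not state which message parts (including RM
        protocol headers) must be signed or encrypted. Presumably that is
        attached elsewhere; confirm.
      -->
      <sp:EndorsingSupportingTokens>
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:RequireThumbprintReference />
              <sp:WssX509V3Token10 />
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:EndorsingSupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>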

