OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-rx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: [ws-sx] NEW ISSUE: How to reference a specific SC wheninitiating a session? Re. Issues 121, 122, 123

Below is a note Prateek Mishra just sent to the WS-SX TC to raise an
issue re. securing a message.  It is our view that this is a general 
problem and if we have a solution for it that solution can be also used 
to secure an RX sequence.

All the best, Ashok
 

> -----Original Message-----
> From: Prateek Mishra [mailto:prateek.mishra@oracle.com] 
> Sent: Tuesday, June 20, 2006 8:12 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: [ws-sx] NEW ISSUE: How to reference a specific SC 
> when initiating a session?
> 
> *PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON 
> THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.  *
> 
> *The issues coordinators will notify the list when that has occurred.*
> 
> * *
> 
> Protocol:   ws-sc
> 
> http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.ph
> p/18838/ws-secureconversation-1.3-spec-ed-01-r06-diff.doc
> 
> 
>  
> 
> Artifact:  spec
> 
>  
> 
> Type:
> 
> design
> 
>  
> 
> Title:
> 
> NEW ISSUE: How to reference a specific SC when initiating a session?
> 
>  
> 
> Description:
> 
> This issue concerns the following use-case: a requestor 
> wishes to participate in a multi-message session with a recipient.
> The requestor  acquires a SC token by some means from its 
> local security system and adds it to the security header of a 
> SOAP message.
> The SOAP message is meant to initiate a sequence of exchanges 
> with the recipient, all of which are to be protected by the 
> SC token. Notice that in general, the SOAP message may carry 
> several security headers including other security tokens.
>  
> How can the requestor indicate to the recipient that a 
> specific SC token is to be used for the session?
> 
>  
> 
> Related issues:
> 
> http://lists.oasis-open.org/archives/ws-rx/200606/msg00036.html
> 
>  
> 
> Proposed Resolution:
> 
> My best guess here is that the requestor add a new STR to the header.
> The STR would include a reference to the SC and include in 
> its usage attribute a URI referencing the message body. If 
> this is acceptable to the TC, we need to include some text 
> explaining this "security pattern".
> 
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]