Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124


OK, I'm happy. I can support this amendment to our proposal. Thanks.

-----Original Message-----
From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com] 
Sent: Wednesday, July 12, 2006 1:48 PM
To: Marc Goodner; ws-rx@lists.oasis-open.org
Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124

Attached is a revised version of our amendment that addresses your
concerns about forcing the selection of a security mechanism. Basically
the meaning of the assertion has been changed from "you must bind the RM
Sequence to an SSL/TLS session" to "you must bind the RM Sequence to the
session of the underlying transport-level security protocol" thus
leaving the selection of that protocol up to WS-SP.

The really big change is from this:

"This assertion MUST only occur in conjunction with the
<wsrmp:RMAssertion/> and a <sp:TransportBinding> assertion that
specifies the use of SSL/TLS."

to this:

"This assertion is effectively meaningless unless it occurs in
conjunction with the wsrmp:RMAssertion and a sp:TransportBinding
assertion that requires the use of some transport-level security
mechanism (e.g. sp:HttpsToken)."

- gp

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com]
> Sent: Wednesday, July 12, 2006 11:39 AM
> To: Gilbert Pilz; ws-rx@lists.oasis-open.org
> Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
> 
> The new header you propose seems fine. I am concerned that specifying 
> an assertion like SequenceSSL steps into the SP domain by making the 
> selection of the security mechanism.
> Tagging that an STR will be present does not as all of the specific 
> security mechanisms are left to SP itself.
> 
> -----Original Message-----
> From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com]
> Sent: Monday, July 10, 2006 10:28 PM
> To: ws-rx@lists.oasis-open.org
> Subject: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
> 
> I would like to propose the attached amendment to the Microsoft/IBM 
> proposal. This material is presented as a set of additions and changes
> to the version of the Microsoft/IBM proposal posted here:
> http://lists.oasis-open.org/archives/ws-rx/200607/msg00036.html
> 
> This amendment seeks to accomplish the following:
> 
> 1.) Support the use of SSL/TLS to protect Sequences against spoofing 
> attacks.
> 
> 2.) Render (1) in a way that does not require implementations to 
> understand STR's and their various referencing mechanisms, processing 
> rules, etc.
> 
> 2.) Define a WS-Policy assertion that specifies a requirement to bind 
> Sequences to SSL/TLS sessions.
> 
> - gp
> 
> p.s. The general notion of this amendment could also apply to the 
> Oracle/SAP proposal posted here
> (http://lists.oasis-open.org/archives/ws-rx/200607/msg00054.html)
> though, obviously, the specific wording would have to change.
> 
> 

