[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
OK, I'm happy. I can support this amendment to our proposal. Thanks. -----Original Message----- From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com] Sent: Wednesday, July 12, 2006 1:48 PM To: Marc Goodner; ws-rx@lists.oasis-open.org Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124 Attached is a revised version of our amendment that addresses your concerns about forcing the selection of a security mechanism. Basically the meaning of the assertion has been changed from "you must bind the RM Sequence to an SSL/TLS session" to "you must bind the RM Sequence to the session of the underlying transport-level security protocol" thus leaving the selection of that protocol up to WS-SP. The really big change is from this: "This assertion MUST only occur in conjunction with the <wsrmp:RMAssertion/> and a <sp:TransportBinding> assertion that specifies the use of SSL/TLS." to this: "This assertion is effectively meaningless unless it occurs in conjunction with the wsrmp:RMAssertion and a sp:TransportBinding assertion that requires the use of some transport-level security mechanism (e.g. sp:HttpsToken)." - gp > -----Original Message----- > From: Marc Goodner [mailto:mgoodner@microsoft.com] > Sent: Wednesday, July 12, 2006 11:39 AM > To: Gilbert Pilz; ws-rx@lists.oasis-open.org > Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124 > > The new header you propose seems fine. I am concerned that specifying > an assertion like SequenceSSL steps into the SP domain by making the > selection of the security mechanism. > Tagging that an STR will be present does not as all of the specific > security mechanisms are left to SP itself. > > -----Original Message----- > From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com] > Sent: Monday, July 10, 2006 10:28 PM > To: ws-rx@lists.oasis-open.org > Subject: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124 > > I would like to propose the attached amendment to the Microsoft/IBM > proposal. This material is presented as a set of additions and changes > to the version of the Microsoft/IBM proposal posted here: > http://lists.oasis-open.org/archives/ws-rx/200607/msg00036.html > > This amendment seeks to accomplish the following: > > 1.) Support the use of SSL/TLS to protect Sequences against spoofing > attacks. > > 2.) Render (1) in a way that does not require implementations to > understand STR's and their various referencing mechanisms, processing > rules, etc. > > 2.) Define a WS-Policy assertion that specifies a requirement to bind > Sequences to SSL/TLS sessions. > > - gp > > p.s. The general notion of this amendment could also apply to the > Oracle/SAP proposal posted here > (http://lists.oasis-open.org/archives/ws-rx/200607/msg00054.html) > though, obviously, the specific wording would have to change. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]