RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124

["Raepple, Martin" <martin.raepple@sap.com>]

Even with these updates, we believe that BEA's proposal for addressing
SSL/TLS composes with the Oracle-SAP proposal. Gil, do you agree?

- Martin

>-----Original Message-----
>From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com] 
>Sent: Mittwoch, 12. Juli 2006 22:48
>To: Marc Goodner; ws-rx@lists.oasis-open.org
>Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
>
>Attached is a revised version of our amendment that addresses your
>concerns about forcing the selection of a security mechanism. Basically
>the meaning of the assertion has been changed from "you must 
>bind the RM
>Sequence to an SSL/TLS session" to "you must bind the RM 
>Sequence to the
>session of the underlying transport-level security protocol" thus
>leaving the selection of that protocol up to WS-SP.
>
>The really big change is from this:
>
>"This assertion MUST only occur in conjunction with the
><wsrmp:RMAssertion/> and a <sp:TransportBinding> assertion that
>specifies the use of SSL/TLS."
>
>to this:
>
>"This assertion is effectively meaningless unless it occurs in
>conjunction with the wsrmp:RMAssertion and a sp:TransportBinding
>assertion that requires the use of some transport-level security
>mechanism (e.g. sp:HttpsToken)."
>
>- gp
>
>> -----Original Message-----
>> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
>> Sent: Wednesday, July 12, 2006 11:39 AM
>> To: Gilbert Pilz; ws-rx@lists.oasis-open.org
>> Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for 
>i122-i124
>> 
>> The new header you propose seems fine. I am concerned that 
>> specifying an assertion like SequenceSSL steps into the SP 
>> domain by making the selection of the security mechanism. 
>> Tagging that an STR will be present does not as all of the 
>> specific security mechanisms are left to SP itself. 
>> 
>> -----Original Message-----
>> From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com]
>> Sent: Monday, July 10, 2006 10:28 PM
>> To: ws-rx@lists.oasis-open.org
>> Subject: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
>> 
>> I would like to propose the attached amendment to the 
>> Microsoft/IBM proposal. This material is presented as a set 
>> of additions and changes to the version of the Microsoft/IBM 
>> proposal posted here:
>> http://lists.oasis-open.org/archives/ws-rx/200607/msg00036.html
>> 
>> This amendment seeks to accomplish the following:
>> 
>> 1.) Support the use of SSL/TLS to protect Sequences against 
>> spoofing attacks.
>> 
>> 2.) Render (1) in a way that does not require implementations 
>> to understand STR's and their various referencing mechanisms, 
>> processing rules, etc.
>> 
>> 2.) Define a WS-Policy assertion that specifies a requirement 
>> to bind Sequences to SSL/TLS sessions.
>> 
>> - gp
>> 
>> p.s. The general notion of this amendment could also apply to 
>> the Oracle/SAP proposal posted here
>> (http://lists.oasis-open.org/archives/ws-rx/200607/msg00054.html)
>> though, obviously, the specific wording would have to change.
>> 
>> 
>