[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
Even with these updates, we believe that BEA's proposal for addressing SSL/TLS composes with the Oracle-SAP proposal. Gil, do you agree? - Martin >-----Original Message----- >From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com] >Sent: Mittwoch, 12. Juli 2006 22:48 >To: Marc Goodner; ws-rx@lists.oasis-open.org >Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124 > >Attached is a revised version of our amendment that addresses your >concerns about forcing the selection of a security mechanism. Basically >the meaning of the assertion has been changed from "you must >bind the RM >Sequence to an SSL/TLS session" to "you must bind the RM >Sequence to the >session of the underlying transport-level security protocol" thus >leaving the selection of that protocol up to WS-SP. > >The really big change is from this: > >"This assertion MUST only occur in conjunction with the ><wsrmp:RMAssertion/> and a <sp:TransportBinding> assertion that >specifies the use of SSL/TLS." > >to this: > >"This assertion is effectively meaningless unless it occurs in >conjunction with the wsrmp:RMAssertion and a sp:TransportBinding >assertion that requires the use of some transport-level security >mechanism (e.g. sp:HttpsToken)." > >- gp > >> -----Original Message----- >> From: Marc Goodner [mailto:mgoodner@microsoft.com] >> Sent: Wednesday, July 12, 2006 11:39 AM >> To: Gilbert Pilz; ws-rx@lists.oasis-open.org >> Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for >i122-i124 >> >> The new header you propose seems fine. I am concerned that >> specifying an assertion like SequenceSSL steps into the SP >> domain by making the selection of the security mechanism. >> Tagging that an STR will be present does not as all of the >> specific security mechanisms are left to SP itself. >> >> -----Original Message----- >> From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com] >> Sent: Monday, July 10, 2006 10:28 PM >> To: ws-rx@lists.oasis-open.org >> Subject: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124 >> >> I would like to propose the attached amendment to the >> Microsoft/IBM proposal. This material is presented as a set >> of additions and changes to the version of the Microsoft/IBM >> proposal posted here: >> http://lists.oasis-open.org/archives/ws-rx/200607/msg00036.html >> >> This amendment seeks to accomplish the following: >> >> 1.) Support the use of SSL/TLS to protect Sequences against >> spoofing attacks. >> >> 2.) Render (1) in a way that does not require implementations >> to understand STR's and their various referencing mechanisms, >> processing rules, etc. >> >> 2.) Define a WS-Policy assertion that specifies a requirement >> to bind Sequences to SSL/TLS sessions. >> >> - gp >> >> p.s. The general notion of this amendment could also apply to >> the Oracle/SAP proposal posted here >> (http://lists.oasis-open.org/archives/ws-rx/200607/msg00054.html) >> though, obviously, the specific wording would have to change. >> >> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]