Subject: RE: [ws-sx] Issue 25: Chap. 6.5 [Token protection] conflicts with chapter 8.3 and 8.4.
Comments inline

Cheers

Gudge

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com]
> Sent: 09 February 2006 20:40
> To: Dittmann, Werner; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 25: Chap. 6.5 [Token protection]
> conflicts with chapter 8.3 and 8.4.
>
> This is now logged as issue 25.
>
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/
>
>
> -----Original Message-----
> From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> Sent: Thursday, February 09, 2006 12:06 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: [ws-sx] NEW Issue: Chap. 6.5 [Token protection]
> conflicts with
> chapter 8.3 and 8.4.
>
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
>
> The issues coordinators will notify the list when that has occurred.
>
> Protocol: ws-sp
> ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf
>
> Artifact: spec
>
> Type: design
>
> Title: Chap. 6.5 [Token protection] conflicts with chapter
> 8.3 and 8.4.
>
> Description:
>
> If the policy uses EndorsingSupportingTokens _and_ sets [Token
> Protection] then I have the same behaviour as defined for
> SignedEndorsingSupportingTokens. Is that true?
>
> On the other hand if I use SignedEndorsingSupportingTokens and do
> _not_ set [Token Protection] - what should be the result in that case?

[MJG] I think the two things are different. If [Token Protection] is true, then each signature covers the token that generated it. So the main signature (the one over the message headers and body) covers the main token (e.g. [Protection Token] in a symmetric binding). Endorsing signatures cover the endorsing token. For a Signed*SupportingToken the supporting token is covered by the *main* message signature.

If you have a SignedEndorsingSupportingToken *and* [Token Protection] is set to 'true' then the supporting token is signed twice, once by the main signature and once by the endorsing signature.

>
> Related issues:
>
>
> Proposed Resolution:
> Clarify behaviour of these interdependencies.
>
>
> Werner Dittmann
> Siemens COM MN CC BD TO
> mailto:Werner.Dittmann@siemens.com
> Tel: +49(0)89 636 50265
> Mobil: +49(0)172 85 85 245
>
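The coverage rules given in the [MJG] reply above, written as a check a receiver could run. This is an added example, not part of the original thread or of the WS-SecurityPolicy specification; it encodes only the reading stated in that reply, and the Signature type, the function names, the token ids "pt" and "st" and the message model are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    key_token: str      # id of the token whose key produced this signature
    covers: frozenset   # ids of the elements and tokens this signature references

def required_signers(main_token, supporting, token_protection):
    """Map each token id to the token ids whose signatures must cover it.

    supporting: {token id: assertion name}, e.g. "EndorsingSupportingTokens"
    or "SignedEndorsingSupportingTokens".
    """
    need = {main_token: {main_token} if token_protection else set()}
    for tok, kind in supporting.items():
        signers = set()
        if kind.startswith("Signed"):
            signers.add(main_token)   # covered by the main message signature
        if token_protection and "Endorsing" in kind:
            signers.add(tok)          # endorsing signature covers its own token
        need[tok] = signers
    return need

def missing_coverage(signatures, main_token, supporting, token_protection):
    """Return {token id: signers that should cover it but do not}."""
    actual = {}
    for sig in signatures:
        for target in sig.covers:
            actual.setdefault(target, set()).add(sig.key_token)
    gaps = {}
    need = required_signers(main_token, supporting, token_protection)
    for tok, signers in need.items():
        absent = signers - actual.get(tok, set())
        if absent:
            gaps[tok] = absent
    return gaps

# Constructed message model: "pt" is the protection token, "st" a supporting token.
MAIN_SIG = Signature("pt", frozenset({"headers", "body", "pt", "st"}))
ENDORSING_OK = Signature("st", frozenset({"main-signature", "st"}))
ENDORSING_BARE = Signature("st", frozenset({"main-signature"}))

if __name__ == "__main__":
    policy = {"st": "SignedEndorsingSupportingTokens"}
    print(missing_coverage([MAIN_SIG, ENDORSING_OK], "pt", policy, True))
    print(missing_coverage([MAIN_SIG, ENDORSING_BARE], "pt", policy, True))
```

Under this reading, EndorsingSupportingTokens with [Token Protection] requires only the endorsing signature to cover the supporting token, so it is not equivalent to SignedEndorsingSupportingTokens.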