Subject: RE: [ws-sx] Issue 55: Clarification on RequireDerivedKeys and X509Token under AsymmetricBinding
I have not seen any further discussion of this. It sounds like the spec is clear on how to interpret this. I suggest we close this issue with no action.

Marc Goodner
Technical Diplomat
Microsoft Corporation
Tel: (425) 703-1903
Blog: http://spaces.msn.com/mrgoodner/

-----Original Message-----
From: Martin Gudgin [mailto:mgudgin@microsoft.com]
Sent: Tuesday, May 16, 2006 9:49 PM
To: K.Venugopal@Sun.COM; Paul Cotton
Cc: ws-sx@lists.oasis-open.org
Subject: RE: [ws-sx] Issue 55: Clarification on RequireDerivedKeys and X509Token under AsymmetricBinding

I've now had chance to spend some time looking at this. Given the policy below I would expect the following;

1. the request message would be signed with the initiator's private key and encrypted with a key derived from a symmetric key that is encrypted with the recipient's public key.

2. the response message would be signed with the recipient's private key and encrypted with a key derived from a symmetric key that is encrypted with the initiator's public key.

In both cases how the key is derived will be specified in the wsc:DerivedKeyToken in the message.

Cheers

Gudge

> -----Original Message-----
> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM]
> Sent: 11 April 2006 10:42
> To: Paul Cotton
> Cc: ws-sx@lists.oasis-open.org
> Subject: Re: [ws-sx] Issue 55: Clarification on RequireDerivedKeys and
> X509Token under AsymmetricBinding
>
> Hi Paul,
>
> Sorry for the delayed response, please see inline
>
> Paul Cotton wrote:
> > From today's F2F draft minutes:
> >
> > ===
> > i055 Clarification on RequireDerivedKeys and X509Token under
> > AsymmetricBinding
> > http://lists.oasis-open.org/archives/ws-sx/200603/msg00121.html
> >
> > The TC discussed this issue but it was not clear what use the case that
> > K. Venugopal was discussing. The TC would like him to better explain
> > his use case so that we can understand the issue.
> > ==
> >
> > Please clarify your use case and/or restate your questions since the TC
> > does not yet understand your questions.
> >
> >
> <deleted/>
> In context to my previous mail let me know if this helps.
>
> If I have a policy like shown below, I would like to know how the
> message is secured. How are the keys derived.
>
> <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>   <wsp:Policy>
>     <sp:InitiatorToken>
>       <wsp:Policy>
>         <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>           <wsp:Policy>
>             <sp:WssX509V3Token10 />
>             <sp:RequireDerivedKeys/>
>           </wsp:Policy>
>         </sp:X509Token>
>       </wsp:Policy>
>     </sp:InitiatorToken>
>
>     <sp:RecipientToken>
>       <wsp:Policy>
>         <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>           <wsp:Policy>
>             <sp:WssX509V3Token10 />
>             <sp:RequireDerivedKeys/>
>           </wsp:Policy>
>         </sp:X509Token>
>       </wsp:Policy>
>     </sp:RecipientToken>
>
>     <sp:AlgorithmSuite>
>       <wsp:Policy>
>         <sp:Basic256 />
>       </wsp:Policy>
>     </sp:AlgorithmSuite>
>
>     <sp:Layout>
>       <wsp:Policy>
>         <sp:Lax />
>       </wsp:Policy>
>     </sp:Layout>
>
>     <sp:IncludeTimestamp />
>
>     <sp:OnlySignEntireHeadersAndBody />
>   </wsp:Policy>
> </sp:AsymmetricBinding>
>
> Thank You,
> Venu
>
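
Added example, not part of the original thread or of the TC's text: a sketch of the encryption-key derivation described in the reply above. It assumes the wsc:DerivedKeyToken uses WS-SecureConversation's P_SHA-1 derivation with the default label, and that Basic256 implies a 32-byte AES-256 key; the secrets and nonces are constructed sample values, and `derive_key` and `demo` are illustrative names.

```python
import hashlib
import hmac

# Assumption: default label defined by WS-SecureConversation (not stated in the thread).
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"
AES256_KEY_BYTES = 32  # Assumption: Basic256 encrypts with AES-256.


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 as defined in RFC 2246, section 5."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(secret: bytes, nonce: bytes, length: int,
               offset: int = 0, label: bytes = DEFAULT_LABEL) -> bytes:
    """Derive `length` bytes at `offset`, mirroring the Nonce/Offset/Length
    values a wsc:DerivedKeyToken carries in the message."""
    if not secret or not nonce:
        raise ValueError("secret and nonce must be non-empty")
    if length <= 0 or offset < 0:
        raise ValueError("length must be positive and offset non-negative")
    stream = p_sha1(secret, label + nonce, offset + length)
    return stream[offset:offset + length]


def demo():
    """Request and response each use their own symmetric key and nonce.
    In a real message the symmetric key travels encrypted under the other
    party's X.509 public key; here both are constructed constants."""
    request_secret = bytes(range(32))        # constructed sample value
    response_secret = bytes(range(32, 64))   # constructed sample value
    request_nonce = b"\x01" * 16             # constructed sample value
    response_nonce = b"\x02" * 16            # constructed sample value
    request_key = derive_key(request_secret, request_nonce, AES256_KEY_BYTES)
    response_key = derive_key(response_secret, response_nonce, AES256_KEY_BYTES)
    return request_key, response_key


if __name__ == "__main__":
    for name, key in zip(("request", "response"), demo()):
        print(name, "encryption key:", key.hex())
```

The signatures in both directions are made directly with the sender's private key, so only the encryption key is derived here.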