[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ws-sx] Issue 76: How to reference a specific SC when initiatinga session?
[MG] >Prateek, > >Isn't this scenario addressed by lines 272-288 of >WS-SecureConversation[1]? > >Gudge > > > > [MG] Martin, Yes, I agree that 272-288 provides a mechanism for a party to indicate to a recipient that they wish to initiate a session with them. I can also see that the context attribute could be profiled to indicate the specific processing model desired. I am also trying to understand the role of Section 8 in relation to this text. In other words, do we need the approach of Section 8 in combination with 272-288 or is 272-288 adequate. One of the unfortunate aspects of Section 8 is that requires STRs to be embedded within application messages. - prateek > > >>-----Original Message----- >>From: Marc Goodner [mailto:mgoodner@microsoft.com] >>Sent: 20 June 2006 16:23 >>To: Prateek Mishra; ws-sx@lists.oasis-open.org >>Subject: [ws-sx] Issue 76: How to reference a specific SC >>when initiating a session? >> >>Tracked as Issue 76. >> >>-----Original Message----- >>From: Prateek Mishra [mailto:prateek.mishra@oracle.com] >>Sent: Tuesday, June 20, 2006 11:12 AM >>To: ws-sx@lists.oasis-open.org >>Cc: Marc Goodner >>Subject: NEW ISSUE: How to reference a specific SC when initiating a >>session? >> >>*PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL >>THE ISSUE IS ASSIGNED A NUMBER. * >> >>*The issues coordinators will notify the list when that has occurred.* >> >>* * >> >>Protocol: ws-sc >> >>http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.ph >>p/18838/ws >>-secureconversation-1.3-spec-ed-01-r06-diff.doc >> >> >> >> >>Artifact: spec >> >> >> >>Type: >> >>design >> >> >> >>Title: >> >>NEW ISSUE: How to reference a specific SC when initiating a session? >> >> >> >>Description: >> >>This issue concerns the following use-case: a requestor wishes to >>participate in a multi-message session with a recipient. >>The requestor acquires a SC token by some means from its >>local security >>system and adds it to the security header of a SOAP message. >>The SOAP message is meant to initiate a sequence of exchanges with the >>recipient, all of which are to be protected by the SC token. >>Notice that >>in general, the SOAP message may carry several security headers >>including other security tokens. >> >>How can the requestor indicate to the recipient that a >>specific SC token >>is to be used for the session? >> >> >> >>Related issues: >> >>http://lists.oasis-open.org/archives/ws-rx/200606/msg00036.html >> >> >> >>Proposed Resolution: >> >>My best guess here is that the requestor add a new STR to the header. >>The STR would include a reference to the SC and include in its usage >>attribute a URI referencing the message body. If this is acceptable to >>the TC, we need to include some text explaining this >>"security pattern". >> >> >> >> > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]