OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ws-sx] Issue 76: How to reference a specific SC when initiatinga session?

[MG]

>Prateek,
>
>Isn't this scenario addressed by lines 272-288 of
>WS-SecureConversation[1]?
>
>Gudge
>
>
>  
>
[MG]

Martin,

Yes, I agree that 272-288 provides a mechanism for a party to indicate 
to a recipient that they wish to initiate a session with them. I can 
also see
that the context attribute could be profiled to indicate the specific 
processing model desired.

I am also trying to understand the role of Section 8 in relation to this 
text. In other words, do we need the approach of Section 8 in 
combination with 272-288 or
is 272-288 adequate. One of the unfortunate aspects of Section 8 is that 
requires STRs to be embedded within application messages.

- prateek

>  
>
>>-----Original Message-----
>>From: Marc Goodner [mailto:mgoodner@microsoft.com] 
>>Sent: 20 June 2006 16:23
>>To: Prateek Mishra; ws-sx@lists.oasis-open.org
>>Subject: [ws-sx] Issue 76: How to reference a specific SC 
>>when initiating a session?
>>
>>Tracked as Issue 76.
>>
>>-----Original Message-----
>>From: Prateek Mishra [mailto:prateek.mishra@oracle.com] 
>>Sent: Tuesday, June 20, 2006 11:12 AM
>>To: ws-sx@lists.oasis-open.org
>>Cc: Marc Goodner
>>Subject: NEW ISSUE: How to reference a specific SC when initiating a
>>session?
>>
>>*PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
>>THE ISSUE IS ASSIGNED A NUMBER.  *
>>
>>*The issues coordinators will notify the list when that has occurred.*
>>
>>* *
>>
>>Protocol:   ws-sc
>>
>>http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.ph
>>p/18838/ws
>>-secureconversation-1.3-spec-ed-01-r06-diff.doc 
>>
>>
>> 
>>
>>Artifact:  spec
>>
>> 
>>
>>Type:
>>
>>design
>>
>> 
>>
>>Title:
>>
>>NEW ISSUE: How to reference a specific SC when initiating a session?
>>
>> 
>>
>>Description:
>>
>>This issue concerns the following use-case: a requestor wishes to
>>participate in a multi-message session with a recipient. 
>>The requestor  acquires a SC token by some means from its 
>>local security
>>system and adds it to the security header of a SOAP message. 
>>The SOAP message is meant to initiate a sequence of exchanges with the
>>recipient, all of which are to be protected by the SC token. 
>>Notice that
>>in general, the SOAP message may carry several security headers
>>including other security tokens.
>> 
>>How can the requestor indicate to the recipient that a 
>>specific SC token
>>is to be used for the session?
>>
>> 
>>
>>Related issues:
>>
>>http://lists.oasis-open.org/archives/ws-rx/200606/msg00036.html
>>
>> 
>>
>>Proposed Resolution:
>>
>>My best guess here is that the requestor add a new STR to the header. 
>>The STR would include a reference to the SC and include in its usage
>>attribute a URI referencing the message body. If this is acceptable to
>>the TC, we need to include some text explaining this 
>>"security pattern".
>>
>>
>>    
>>
>
>  
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]