OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ws-sx] Issue 80: Handling EncryptParts/Elements specified underSupportingTokens

Hi Martin,

Martin Gudgin wrote:
> Supporting tokens doesn't really have a notion of sender/recipient, but
> I take your more general point that it is possible to specify a token
> under SupportingTokens that, for one reason or another, can't be used to
> encrypt anything (perhaps because it is not associated with any key
> material, for example). If EncryptedParts/Elements assertions are
> present, this will result in an error. 
>
> I could see adding some text to the supporting tokens section
> encouraging policy writers to make sure the tokens they specify can
> actually satisfy the other requirements they put into the supporting
> token assertion. 
>
> Does that make sense?
>   
this works for me.

Thanks,
Venu
> Gudge
>
>
>   
>> -----Original Message-----
>> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
>> Sent: 28 June 2006 15:02
>> To: K.Venugopal@Sun.COM; ws-sx@lists.oasis-open.org
>> Subject: [ws-sx] Issue 80: Handling EncryptParts/Elements 
>> specified under SupportingTokens
>>
>> Issue 80...
>>
>> -----Original Message-----
>> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] 
>> Sent: Wednesday, June 28, 2006 4:29 AM
>> To: ws-sx@lists.oasis-open.org
>> Cc: Marc Goodner
>> Subject: [ws-sx] New Issue : Handling EncryptParts/Elements specified
>> under SupportingTokens
>>
>> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
>> THE ISSUE IS ASSIGNED A NUMBER.
>> The issues coordinators will notify the list when that has occurred.
>>
>> Protocol : WS-SP
>>
>> Artifact :  SPEC
>>
>> Type : design
>>
>> Title :  Handling EncryptParts specified under SupportingTokens
>>
>> Description :
>>
>>        It is not clear from the spec on how EncryptParts 
>> specified under
>> supportingtokens need to be secured.
>> eg :  If the X509Token present under a SupportingToken is that of the
>> sender , how can it be used to encrypt the message parts identified by
>> EncryptParts/Elements that are specified under the supporting token.
>>
>>             <sp:SupportingTokens
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>                 <wsp:Policy>
>>                 <sp:X509Token
>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securit
>> ypolicy/In
>> cludeToken/Always">
>>                     <wsp:Policy>
>>                         <sp:WssX509V3Token11 />
>>                     </wsp:Policy>
>>                 </sp:X509Token>
>>                 <sp:AlgorithmSuite>
>>                         <wsp:Policy>
>>                             <sp:TripleDes />
>>                         </wsp:Policy>
>>                 </sp:AlgorithmSuite>
>>                 <sp:EncryptedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>                     <sp:Body />               
>>                 </sp:EncryptedParts>
>>                 </wsp:Policy>
>>             </sp:SupportingTokens>
>>
>>
>> Related issues:
>>
>> None
>>
>> Proposed Resolution:
>>
>> None
>>
>>
>> Regards ,
>> Venu
>>
>>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]