[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ws-sx] Issue 80: Handling EncryptParts/Elements specified underSupportingTokens
Hi Martin, Martin Gudgin wrote: > Venu, > > What text is there in the spec that would lead you to believe the > behaviour of the various SupportingTokens with respect to > Atleast for me it was not clear from the spec that if TransportBinding is used then should the supporting tokens sign/encrypt the targets identified by SignedParts/Encrypted Parts specified under them. I know we should sign the timestamp for eg: EndorsingSupportingToken. Regards Venu > Signed/Encrypted parts would be different when a TransportBinding is > used? > > Gudge > > >> -----Original Message----- >> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] >> Sent: 20 July 2006 06:35 >> To: Martin Gudgin >> Cc: Marc Goodner; ws-sx@lists.oasis-open.org >> Subject: Re: [ws-sx] Issue 80: Handling EncryptParts/Elements >> specified under SupportingTokens >> >> Venu wrote: >> >>> Hi Martin, >>> >>> Martin Gudgin wrote: >>> >>>> Supporting tokens doesn't really have a notion of >>>> >> sender/recipient, but >> >>>> I take your more general point that it is possible to >>>> >> specify a token >> >>>> under SupportingTokens that, for one reason or another, >>>> >> can't be used to >> >>>> encrypt anything (perhaps because it is not associated with any key >>>> material, for example). If EncryptedParts/Elements assertions are >>>> present, this will result in an error. >>>> I could see adding some text to the supporting tokens section >>>> encouraging policy writers to make sure the tokens they specify can >>>> actually satisfy the other requirements they put into the >>>> >> supporting >> >>>> token assertion. >>>> Does that make sense? >>>> >>>> >>> this works for me. >>> >> Would also appreciate if the text clarified the behavior of >> SignedParts,EncryptParts under various SupportingTokens when >> TransportBinding is used >> >> Thanks, >> Venu >> >>> Thanks, >>> Venu >>> >>>> Gudge >>>> >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: Marc Goodner [mailto:mgoodner@microsoft.com] Sent: 28 June >>>>> 2006 15:02 >>>>> To: K.Venugopal@Sun.COM; ws-sx@lists.oasis-open.org >>>>> Subject: [ws-sx] Issue 80: Handling EncryptParts/Elements >>>>> >> specified >> >>>>> under SupportingTokens >>>>> >>>>> Issue 80... >>>>> >>>>> -----Original Message----- >>>>> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] Sent: >>>>> Wednesday, June 28, 2006 4:29 AM >>>>> To: ws-sx@lists.oasis-open.org >>>>> Cc: Marc Goodner >>>>> Subject: [ws-sx] New Issue : Handling >>>>> >> EncryptParts/Elements specified >> >>>>> under SupportingTokens >>>>> >>>>> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON >>>>> >> THREAD UNTIL >> >>>>> THE ISSUE IS ASSIGNED A NUMBER. >>>>> The issues coordinators will notify the list when that >>>>> >> has occurred. >> >>>>> Protocol : WS-SP >>>>> >>>>> Artifact : SPEC >>>>> >>>>> Type : design >>>>> >>>>> Title : Handling EncryptParts specified under SupportingTokens >>>>> >>>>> Description : >>>>> >>>>> It is not clear from the spec on how EncryptParts >>>>> >> specified >> >>>>> under >>>>> supportingtokens need to be secured. >>>>> eg : If the X509Token present under a SupportingToken is >>>>> >> that of the >> >>>>> sender , how can it be used to encrypt the message parts >>>>> >> identified by >> >>>>> EncryptParts/Elements that are specified under the >>>>> >> supporting token. >> >>>>> <sp:SupportingTokens >>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> >>>>> <wsp:Policy> >>>>> <sp:X509Token >>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securit >>>>> ypolicy/In >>>>> cludeToken/Always"> >>>>> <wsp:Policy> >>>>> <sp:WssX509V3Token11 /> >>>>> </wsp:Policy> >>>>> </sp:X509Token> >>>>> <sp:AlgorithmSuite> >>>>> <wsp:Policy> >>>>> <sp:TripleDes /> >>>>> </wsp:Policy> >>>>> </sp:AlgorithmSuite> >>>>> <sp:EncryptedParts >>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> >>>>> <sp:Body /> >>>>> </sp:EncryptedParts> >>>>> </wsp:Policy> >>>>> </sp:SupportingTokens> >>>>> >>>>> >>>>> Related issues: >>>>> >>>>> None >>>>> >>>>> Proposed Resolution: >>>>> >>>>> None >>>>> >>>>> >>>>> Regards , >>>>> Venu >>>>> >>>>> >>>>> >>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]