Re: [ws-sx] Issue 80: Handling EncryptParts/Elements specified underSupportingTokens

[Venu <K.Venugopal@Sun.COM>]

Hi Martin,

Martin Gudgin wrote:
> Venu,
>
> What text is there in the spec that would lead you to believe the
> behaviour of the various SupportingTokens with respect to
>   
Atleast for me it was not clear from the spec that if TransportBinding 
is used then should the supporting tokens sign/encrypt the targets 
identified by SignedParts/Encrypted Parts specified under them.
I know we should sign the timestamp for eg: EndorsingSupportingToken.

Regards
Venu
> Signed/Encrypted parts would be different when a TransportBinding is
> used?
>
> Gudge
>
>   
>> -----Original Message-----
>> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] 
>> Sent: 20 July 2006 06:35
>> To: Martin Gudgin
>> Cc: Marc Goodner; ws-sx@lists.oasis-open.org
>> Subject: Re: [ws-sx] Issue 80: Handling EncryptParts/Elements 
>> specified under SupportingTokens
>>
>> Venu wrote:
>>     
>>> Hi Martin,
>>>
>>> Martin Gudgin wrote:
>>>       
>>>> Supporting tokens doesn't really have a notion of 
>>>>         
>> sender/recipient, but
>>     
>>>> I take your more general point that it is possible to 
>>>>         
>> specify a token
>>     
>>>> under SupportingTokens that, for one reason or another, 
>>>>         
>> can't be used to
>>     
>>>> encrypt anything (perhaps because it is not associated with any key
>>>> material, for example). If EncryptedParts/Elements assertions are
>>>> present, this will result in an error.
>>>> I could see adding some text to the supporting tokens section
>>>> encouraging policy writers to make sure the tokens they specify can
>>>> actually satisfy the other requirements they put into the 
>>>>         
>> supporting
>>     
>>>> token assertion.
>>>> Does that make sense?
>>>>   
>>>>         
>>> this works for me.
>>>       
>> Would also appreciate if the text clarified the behavior of 
>> SignedParts,EncryptParts under various SupportingTokens  when 
>> TransportBinding is used
>>
>> Thanks,
>> Venu
>>     
>>> Thanks,
>>> Venu
>>>       
>>>> Gudge
>>>>
>>>>
>>>>  
>>>>         
>>>>> -----Original Message-----
>>>>> From: Marc Goodner [mailto:mgoodner@microsoft.com] Sent: 28 June 
>>>>> 2006 15:02
>>>>> To: K.Venugopal@Sun.COM; ws-sx@lists.oasis-open.org
>>>>> Subject: [ws-sx] Issue 80: Handling EncryptParts/Elements 
>>>>>           
>> specified 
>>     
>>>>> under SupportingTokens
>>>>>
>>>>> Issue 80...
>>>>>
>>>>> -----Original Message-----
>>>>> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] Sent: 
>>>>> Wednesday, June 28, 2006 4:29 AM
>>>>> To: ws-sx@lists.oasis-open.org
>>>>> Cc: Marc Goodner
>>>>> Subject: [ws-sx] New Issue : Handling 
>>>>>           
>> EncryptParts/Elements specified
>>     
>>>>> under SupportingTokens
>>>>>
>>>>> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON 
>>>>>           
>> THREAD UNTIL
>>     
>>>>> THE ISSUE IS ASSIGNED A NUMBER.
>>>>> The issues coordinators will notify the list when that 
>>>>>           
>> has occurred.
>>     
>>>>> Protocol : WS-SP
>>>>>
>>>>> Artifact :  SPEC
>>>>>
>>>>> Type : design
>>>>>
>>>>> Title :  Handling EncryptParts specified under SupportingTokens
>>>>>
>>>>> Description :
>>>>>
>>>>>        It is not clear from the spec on how EncryptParts 
>>>>>           
>> specified 
>>     
>>>>> under
>>>>> supportingtokens need to be secured.
>>>>> eg :  If the X509Token present under a SupportingToken is 
>>>>>           
>> that of the
>>     
>>>>> sender , how can it be used to encrypt the message parts 
>>>>>           
>> identified by
>>     
>>>>> EncryptParts/Elements that are specified under the 
>>>>>           
>> supporting token.
>>     
>>>>>             <sp:SupportingTokens
>>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>>>>                 <wsp:Policy>
>>>>>                 <sp:X509Token
>>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securit
>>>>> ypolicy/In
>>>>> cludeToken/Always">
>>>>>                     <wsp:Policy>
>>>>>                         <sp:WssX509V3Token11 />
>>>>>                     </wsp:Policy>
>>>>>                 </sp:X509Token>
>>>>>                 <sp:AlgorithmSuite>
>>>>>                         <wsp:Policy>
>>>>>                             <sp:TripleDes />
>>>>>                         </wsp:Policy>
>>>>>                 </sp:AlgorithmSuite>
>>>>>                 <sp:EncryptedParts
>>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>>>>                     <sp:Body />                               
>>>>> </sp:EncryptedParts>
>>>>>                 </wsp:Policy>
>>>>>             </sp:SupportingTokens>
>>>>>
>>>>>
>>>>> Related issues:
>>>>>
>>>>> None
>>>>>
>>>>> Proposed Resolution:
>>>>>
>>>>> None
>>>>>
>>>>>
>>>>> Regards ,
>>>>> Venu
>>>>>
>>>>>     
>>>>>           
>>