Subject: Re: [wss-comment] Password Digest
Jerry Schwarz said:

"Put the password in clear into the UsernameToken and then encrypt the UsernameToken. And no, WS-Security doesn't tell you how to distribute the public key to all the clients."

Though it is not a standard, http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwebsrv/html/wssecdrill.asp contains a bunch of examples, including the following which demonstrates how to encrypt a plaintext UsernameToken:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="..." xmlns:wsu="..." xmlns:wsse="...">
  <soap:Header>
    ...
    <wsse:Security soap:mustUnderstand="1">
      <xenc:EncryptedKey xmlns:xenc="...">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier ValueType="wsse:X509v3">
              PTBv8366Lp0xwHT5nQYl3dhxcMQ=
            </wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>
            QKuraT1kaXZAtExp...9G+CuAnngPr4ZUcI=
          </xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#EncryptedContent-a0bf2920" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsse:UsernameToken xmlns:wsu="..." wsu:Id="SecurityToken-d119b99b">
        <xenc:EncryptedData Id="EncryptedContent-a0bf2920" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="...">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
          <xenc:CipherData>
            <xenc:CipherValue>
              oojjtSa1iRsVon...8SiDFQYTRCEXHreJau
            </xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedData>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <AddEntry xmlns="http://weblogs.contoso.com/wse/samples/2003/07">
      <entry>
        <title>Saw Terminator III last night</title>
        <author>Joe Blow</author>
        <issued>2003-07-16T18:05:32.8774608-05:00</issued>
        <content>The special effects were over the top.</content>
      </entry>
    </AddEntry>
  </soap:Body>
</soap:Envelope>

Frank
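Added example (not part of the message above or of the MSDN article it cites): a Python check that a receiving service could run over a wsse:Security header of this shape, confirming that each UsernameToken carries only EncryptedData that an EncryptedKey's ReferenceList points to, and reporting the rsa-1_5 and tripledes-cbc algorithm URIs, which it treats as legacy. The function names, the namespace URIs and the sample documents are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
LEGACY = {XENC + "rsa-1_5", XENC + "tripledes-cbc"}  # URIs from the quoted message

def find_all(root, name):
    # Match on local name so any WSSE namespace revision is accepted.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_username_tokens(xml_text):
    """Return findings for each UsernameToken and EncryptionMethod in a message."""
    root, findings = ET.fromstring(xml_text), []
    # Ids that some ReferenceList/DataReference points at.
    referenced = {r.get("URI", "").lstrip("#") for r in find_all(root, "DataReference")}
    for token in find_all(root, "UsernameToken"):
        if find_all(token, "Password"):
            findings.append("Password element is not encrypted")
        enc = find_all(token, "EncryptedData")
        if not enc:
            findings.append("UsernameToken has no EncryptedData child")
        for data in enc:
            if data.get("Id") not in referenced:
                findings.append("EncryptedData %s not in any ReferenceList" % data.get("Id"))
    for method in find_all(root, "EncryptionMethod"):
        if method.get("Algorithm") in LEGACY:
            findings.append("legacy algorithm: " + method.get("Algorithm"))
    return findings

# Constructed samples; namespace URIs and cipher values are assumptions/placeholders.
NS = ('xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/'
      'oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xenc="%s"' % XENC)
ENCRYPTED = """<wsse:Security %s>
 <xenc:EncryptedKey>
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <xenc:ReferenceList><xenc:DataReference URI="#EncryptedContent-1"/></xenc:ReferenceList>
 </xenc:EncryptedKey>
 <wsse:UsernameToken>
  <xenc:EncryptedData Id="EncryptedContent-1" Type="http://www.w3.org/2001/04/xmlenc#Content">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </wsse:UsernameToken>
</wsse:Security>""" % NS
CLEARTEXT = """<wsse:Security %s><wsse:UsernameToken>
 <wsse:Username>joe</wsse:Username><wsse:Password>example-only</wsse:Password>
</wsse:UsernameToken></wsse:Security>""" % NS

if __name__ == "__main__":
    for sample in (ENCRYPTED, CLEARTEXT): print(audit_username_tokens(sample))
```

The check only inspects structure and algorithm identifiers; it does not decrypt anything or validate the key the KeyIdentifier refers to.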