Subject: Note on PMode Security Type -- draft of complexType deferred until preliminary issues discussed.
I have several questions about the additions to PMode Security.
One general question is that some of this information is being captured in Policy Assertions in the WS-SC TC. I will need to do a review to see about the duplications. Maybe we should consider reusing some of the Policy assertions here? There is a ws policy extension for docexchange that is to be defined for ebxml cppa 3.0. Just how it works (especially with respect to policy attachment) is an upcoming discussion item for the CPPA TC, probably later this month.
More specific issues.
· PMode.Security.X509.Signature.Certificate: The value of this parameter is a URI that identifies the public certificate to use when verifying signed data.
· PMode.Security.X509.Encryption.Certificate: The value of this parameter is a URI that identifies the public certificate to use when encrypting data.
Can you elaborate a bit on how this URI identifies the public certificate? Anything about trust anchor certificates or chain verification?
Identifying the elements to sign and/or encrypt. I am not certain that the remarks about the “name of the XML element” really help me know how these identifiers work. Need either some more work or a retreat to perhaps making use of xpath, xpointer, uri refs (with id fragments), etc.
UserNameToken.[username|password]: Discuss how we might enable encryption for these values if they are exchanged (and I am not sure they could be used without an exchange of some sort to set up the values even if only using an SSL setup session…)
We can review the complexType after these questions get some more discussion.