OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (EBXMLMSG-37) AS4 5.2 Usage Agreement for X.509 token profile use

    [ http://tools.oasis-open.org/issues/browse/EBXMLMSG-37?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=36655#action_36655 ] 

Sander Fieten commented on EBXMLMSG-37:

Proposed updated text for section 5.2.6 applying Theo's comment on generalizing this section:

5.2.6 Confidentiality and Security

Specification Feature                  Security Management and Options 
                                                    This table is intended as a guide for users, to specify their own agreements on confidentiality and security.

Specification Reference              ebMS v3.0 Core Specification, Section 7, Appendix D.3.6.

Usage Profiling (a)                      Is transport-layer encryption required?
                                                    What protocol version(s)?  

Usage Profiling (b)                      What encryption algorithm(s) and minimum key lengths are required?

Usage Profiling (c)                      What Certificate Authorities are acceptable for server certificate authentication?

Usage Profiling (d)                      Are direct-trust (self-signed) certificates allowed?

Usage Profiling (e)                      Is client-side certificate-based authentication allowed or required?

Usage Profiling (f)                       What client Certificate Authorities are acceptable?

Usage Profiling (g)                      What certificate verification policies and procedures must be followed?

> AS4 5.2 Usage Agreement for X.509 token profile use
> ---------------------------------------------------
>                 Key: EBXMLMSG-37
>                 URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-37
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: AS4 Profile
>            Reporter: Pim van der Eijk
>            Priority: Minor
> Section 5. defines some operational aspects of AS4 that have to be agreed on in communities.  This section obviously does not have to (and cannot) be complete,  but it is not clear why section 5.2.6 (b) asks which encryption algorithms and minimum key lengths are required, (c) which Certificate Authorities are acceptable for server authentication etc.  these same questions could be asked for SOAP message security,  parameters defined in 

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]