Subject: SC interop problems from missing details?
I understand there have been problems on the SC interop
side. It may be because of different, or no, use of derived keys. Our interop
doc is silent on this as it doesn’t go into any real detail at this
level. I’ve taken the below, which I hope will give us the details we
need, from the SX TC interop scenarios doc. There was interop there on SC-based
scenarios that followed this advice.
http://www.oasis-open.org/committees/download.php/20954/ws-sx-interop-ed-10.doc

Client and STS X509 certificates are used to authenticate
client and STS respectively. Client sends RequestSecurityToken to service
signed using DKT1(K), then encrypted using a DKT2(K), K is ephemeral key
protected for service's Certificate, DKT1(K) and DKT2(K) represent keys derived
from K per WS-SecureConversation. Signature corresponding to DKT1(K) is signed
using Client’s certificate. RequestSecurityTokenResponse is signed using
DKT3(K), encrypted using DKT4(K). Secure session key Sz is established following Secure
Conversation. Application messages are protected using symmetric keys derived
from Sz following Secure Conversation.
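
The derived-key step described in the quoted scenario, as an added example that is not part of the original message or the interop document: both sides derive DKT1..DKT4 from K with the WS-SecureConversation P_SHA-1 function, and a peer that uses a different label, or K directly, ends up with different keys. K, the nonces, the "vendor" label and the helper names are constructed for illustration.

```python
import hashlib
import hmac

# Label used by WS-SecureConversation when a DerivedKeyToken carries no <wsc:Label>.
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 expansion (RFC 2246, section 5): HMAC-SHA1 chained over A(i)."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(secret, nonce, label=DEFAULT_LABEL, offset=0, length=32):
    """Bytes [offset, offset+length) of P_SHA-1(secret, label + nonce)."""
    return p_sha1(secret, label + nonce, offset + length)[offset:offset + length]


def derive_all(secret, nonces, **kw):
    """Map each token name (DKT1..DKT4) to the key derived with its nonce."""
    return {name: derive_key(secret, n, **kw) for name, n in nonces.items()}


# Constructed sample values: K is the ephemeral key, one nonce per derived key token.
K = bytes(range(32))
NONCES = {f"DKT{i}": bytes([i]) * 16 for i in range(1, 5)}

if __name__ == "__main__":
    sender = derive_all(K, NONCES)
    receiver = derive_all(K, NONCES)                      # same K, nonces, label
    other_label = derive_all(K, NONCES, label=b"vendor")  # hypothetical non-default label
    for name in NONCES:
        print(name,
              "match" if hmac.compare_digest(sender[name], receiver[name]) else "MISMATCH",
              "| label differs:",
              "match" if sender[name] == other_label[name] else "MISMATCH",
              "| K used directly:",
              "match" if sender[name] == K else "MISMATCH")
```
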