
ws-rx-implement message


Subject: SC interop problems from missing details?

I understand there have been problems on the SC interop side. It may be because of different, or no, use of derived keys. Our interop doc is silent on this as it doesn’t go into any real detail at this level. I’ve taken the below, which I hope will give us the details we need, from the SX TC interop scenarios doc. There was interop there on SC based scenarios that followed this advice.



Client and STS X509 certificates are used to authenticate client and STS respectively. Client sends RequestSecurityToken to service signed using DKT1(K), then encrypted using a DKT2(K), K is ephemeral key protected for service's Certificate, DKT1(K) and DKT2(K) represent keys derived from K per WS-SecureConversation. Signature corresponding to DKT1(K) is signed using Client’s certificate. RequestSecurityTokenResponse is signed using DKT3(K), encrypted using DKT4(K).

Secure session key Sz is established following Secure Conversation. Application messages are protected using symmetric keys derived from Sz following Secure Conversation.
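
An added example, not part of the original message or of the SX TC interop document: deriving the four keys DKT1(K) through DKT4(K) from K with the P_SHA-1 derivation that WS-SecureConversation defines, assuming its default label and 32-byte length. The key K, the nonces and the helper names are constructed for illustration.

```python
import hashlib
import hmac

# Default label WS-SecureConversation applies when a DerivedKeyToken has no Label.
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 as defined in RFC 2246 section 5."""
    out, a = b"", seed  # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_key(secret: bytes, nonce: bytes, length: int = 32, offset: int = 0,
               label: bytes = DEFAULT_LABEL) -> bytes:
    """Bytes [offset, offset + length) of P_SHA-1(secret, label + nonce)."""
    if not nonce:
        raise ValueError("DerivedKeyToken nonce must not be empty")
    return p_sha1(secret, label + nonce, offset + length)[offset:offset + length]


# Constructed sample values: in a real exchange K is random and each nonce is
# carried in the wsc:Nonce element of the corresponding DerivedKeyToken.
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
NONCES = {
    "DKT1": b"constructed-nonce-rst-signature",
    "DKT2": b"constructed-nonce-rst-encryption",
    "DKT3": b"constructed-nonce-rstr-signature",
    "DKT4": b"constructed-nonce-rstr-encryption",
}


def exchange_keys(secret: bytes = K) -> dict:
    """Derive the four per-purpose keys used by the RST/RSTR exchange."""
    return {name: derive_key(secret, nonce) for name, nonce in NONCES.items()}


def peers_agree(sender_label: bytes, receiver_label: bytes) -> bool:
    """True when both sides derive the same DKT1 from the same K and nonce."""
    nonce = NONCES["DKT1"]
    return hmac.compare_digest(derive_key(K, nonce, label=sender_label),
                               derive_key(K, nonce, label=receiver_label))


if __name__ == "__main__":
    for name, key in exchange_keys().items():
        print(name, key.hex())
    print("same label:", peers_agree(DEFAULT_LABEL, DEFAULT_LABEL))
    print("label mismatch:", peers_agree(DEFAULT_LABEL, b"other-label"))
```

A receiver that uses K directly, or a different label, nonce, length or offset, obtains different key bytes, so signature verification or decryption fails.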

