[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: [ws-sx] NEW ISSUE: How to reference a specific SC wheninitiating a session? Re. Issues 121, 122, 123
Below is a note Prateek Mishra just sent to the WS-SX TC to raise an issue re. securing a message. It is our view that this is a general problem and if we have a solution for it that solution can be also used to secure an RX sequence. All the best, Ashok > -----Original Message----- > From: Prateek Mishra [mailto:prateek.mishra@oracle.com] > Sent: Tuesday, June 20, 2006 8:12 AM > To: ws-sx@lists.oasis-open.org > Cc: Marc Goodner > Subject: [ws-sx] NEW ISSUE: How to reference a specific SC > when initiating a session? > > *PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON > THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. * > > *The issues coordinators will notify the list when that has occurred.* > > * * > > Protocol: ws-sc > > http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.ph > p/18838/ws-secureconversation-1.3-spec-ed-01-r06-diff.doc > > > > > Artifact: spec > > > > Type: > > design > > > > Title: > > NEW ISSUE: How to reference a specific SC when initiating a session? > > > > Description: > > This issue concerns the following use-case: a requestor > wishes to participate in a multi-message session with a recipient. > The requestor acquires a SC token by some means from its > local security system and adds it to the security header of a > SOAP message. > The SOAP message is meant to initiate a sequence of exchanges > with the recipient, all of which are to be protected by the > SC token. Notice that in general, the SOAP message may carry > several security headers including other security tokens. > > How can the requestor indicate to the recipient that a > specific SC token is to be used for the session? > > > > Related issues: > > http://lists.oasis-open.org/archives/ws-rx/200606/msg00036.html > > > > Proposed Resolution: > > My best guess here is that the requestor add a new STR to the header. > The STR would include a reference to the SC and include in > its usage attribute a URI referencing the message body. If > this is acceptable to the TC, we need to include some text > explaining this "security pattern". > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]