[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-rx] FW: [ws-sx] NEW ISSUE: How to reference a specific SCwhen initiating a session? Re. Issues 121, 122, 123
Apologies... Should have said "securing a sequence" instead of "securing a message". All the best, Ashok > -----Original Message----- > From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com] > Sent: Tuesday, June 20, 2006 8:20 AM > To: ws-rx@lists.oasis-open.org > Cc: Prateek Mishra > Subject: [ws-rx] FW: [ws-sx] NEW ISSUE: How to reference a > specific SC when initiating a session? Re. Issues 121, 122, 123 > > Below is a note Prateek Mishra just sent to the WS-SX TC to > raise an issue re. securing a message. It is our view that > this is a general problem and if we have a solution for it > that solution can be also used to secure an RX sequence. > > All the best, Ashok > > > > -----Original Message----- > > From: Prateek Mishra [mailto:prateek.mishra@oracle.com] > > Sent: Tuesday, June 20, 2006 8:12 AM > > To: ws-sx@lists.oasis-open.org > > Cc: Marc Goodner > > Subject: [ws-sx] NEW ISSUE: How to reference a specific SC when > > initiating a session? > > > > *PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON > THREAD UNTIL > > THE ISSUE IS ASSIGNED A NUMBER. * > > > > *The issues coordinators will notify the list when that has > occurred.* > > > > * * > > > > Protocol: ws-sc > > > > http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.ph > > p/18838/ws-secureconversation-1.3-spec-ed-01-r06-diff.doc > > > > > > > > > > Artifact: spec > > > > > > > > Type: > > > > design > > > > > > > > Title: > > > > NEW ISSUE: How to reference a specific SC when initiating a session? > > > > > > > > Description: > > > > This issue concerns the following use-case: a requestor wishes to > > participate in a multi-message session with a recipient. > > The requestor acquires a SC token by some means from its local > > security system and adds it to the security header of a > SOAP message. > > The SOAP message is meant to initiate a sequence of > exchanges with the > > recipient, all of which are to be protected by the SC token. Notice > > that in general, the SOAP message may carry several > security headers > > including other security tokens. > > > > How can the requestor indicate to the recipient that a specific SC > > token is to be used for the session? > > > > > > > > Related issues: > > > > http://lists.oasis-open.org/archives/ws-rx/200606/msg00036.html > > > > > > > > Proposed Resolution: > > > > My best guess here is that the requestor add a new STR to > the header. > > The STR would include a reference to the SC and include in > its usage > > attribute a URI referencing the message body. If this is > acceptable to > > the TC, we need to include some text explaining this "security > > pattern". > > > > > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]