

Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124


Yes, I agree.

- gp 

> -----Original Message-----
> From: Raepple, Martin [mailto:martin.raepple@sap.com] 
> Sent: Wednesday, July 12, 2006 3:28 PM
> To: Gilbert Pilz; ws-rx@lists.oasis-open.org
> Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
> 
> Even with these updates, we believe that BEA's proposal for 
> addressing SSL/TLS composes with the Oracle-SAP proposal. 
> Gil, do you agree?
> 
> - Martin
> 
> >-----Original Message-----
> >From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com]
> >Sent: Wednesday, 12 July 2006 22:48
> >To: Marc Goodner; ws-rx@lists.oasis-open.org
> >Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
> >
> >Attached is a revised version of our amendment that addresses your
> >concerns about forcing the selection of a security mechanism. Basically
> >the meaning of the assertion has been changed from "you must bind the
> >RM Sequence to an SSL/TLS session" to "you must bind the RM Sequence to
> >the session of the underlying transport-level security protocol" thus
> >leaving the selection of that protocol up to WS-SP.
> >
> >The really big change is from this:
> >
> >"This assertion MUST only occur in conjunction with the 
> ><wsrmp:RMAssertion/> and a <sp:TransportBinding> assertion that 
> >specifies the use of SSL/TLS."
> >
> >to this:
> >
> >"This assertion is effectively meaningless unless it occurs in 
> >conjunction with the wsrmp:RMAssertion and a sp:TransportBinding 
> >assertion that requires the use of some transport-level security 
> >mechanism (e.g. sp:HttpsToken)."
> >
> >- gp
> >
> >> -----Original Message-----
> >> From: Marc Goodner [mailto:mgoodner@microsoft.com]
> >> Sent: Wednesday, July 12, 2006 11:39 AM
> >> To: Gilbert Pilz; ws-rx@lists.oasis-open.org
> >> Subject: RE: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
> >>
> >> The new header you propose seems fine. I am concerned that specifying
> >> an assertion like SequenceSSL steps into the SP domain by making the
> >> selection of the security mechanism.
> >> Tagging that an STR will be present does not, as all of the specific
> >> security mechanisms are left to SP itself.
> >> 
> >> -----Original Message-----
> >> From: Gilbert Pilz [mailto:Gilbert.Pilz@bea.com]
> >> Sent: Monday, July 10, 2006 10:28 PM
> >> To: ws-rx@lists.oasis-open.org
> >> Subject: [ws-rx] Amendment to Microsoft/IBM proposal for i122-i124
> >> 
> >> I would like to propose the attached amendment to the Microsoft/IBM
> >> proposal. This material is presented as a set of additions and
> >> changes to the version of the Microsoft/IBM proposal posted here:
> >> http://lists.oasis-open.org/archives/ws-rx/200607/msg00036.html
> >> 
> >> This amendment seeks to accomplish the following:
> >> 
> >> 1.) Support the use of SSL/TLS to protect Sequences against spoofing
> >> attacks.
> >>
> >> 2.) Render (1) in a way that does not require implementations to
> >> understand STR's and their various referencing mechanisms, processing
> >> rules, etc.
> >>
> >> 3.) Define a WS-Policy assertion that specifies a requirement to bind
> >> Sequences to SSL/TLS sessions.
> >> 
> >> - gp
> >> 
> >> p.s. The general notion of this amendment could also apply to the 
> >> Oracle/SAP proposal posted here
> >> (http://lists.oasis-open.org/archives/ws-rx/200607/msg00054.html)
> >> though, obviously, the specific wording would have to change.
> >> 
> >> 
> >
> 
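
The co-occurrence rule quoted in the thread (the binding assertion is "effectively meaningless" without wsrmp:RMAssertion and an sp:TransportBinding that requires a transport-level security mechanism) can be checked mechanically. The following is an added example, not part of the thread or of any proposal's text. The element name `wsrmp:SequenceSSL` and the namespace URIs are assumptions, and the whole policy is treated as a single alternative.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions (draft-era values), not taken from the thread.
NS = {
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "sp": "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
    "wsrmp": "http://docs.oasis-open.org/ws-rx/wsrmp/200602",
}
# Hypothetical element name for the amended assertion; the thread only
# mentions "an assertion like SequenceSSL".
BINDING_ASSERTION = "wsrmp:SequenceSSL"


def check_policy(xml_text):
    """Return the reasons the binding assertion has nothing to bind, if any."""
    root = ET.fromstring(xml_text)
    if root.find(f".//{BINDING_ASSERTION}", NS) is None:
        return []  # assertion not used, so the rule does not apply
    problems = []
    if root.find(".//wsrmp:RMAssertion", NS) is None:
        problems.append("no wsrmp:RMAssertion: there is no Sequence to bind")
    # The transport token (e.g. sp:HttpsToken) sits in a nested wsp:Policy.
    token_policy = root.find(
        ".//sp:TransportBinding/wsp:Policy/sp:TransportToken/wsp:Policy", NS)
    if token_policy is None or len(token_policy) == 0:
        problems.append("no sp:TransportBinding with a transport token: "
                        "no transport-level session to bind to")
    return problems


def policy(body):
    """Wrap constructed assertion markup in a wsp:Policy root element."""
    attrs = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return f"<wsp:Policy {attrs}>{body}</wsp:Policy>"


# Constructed sample policies (not from the thread).
TRANSPORT = ("<sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>"
             "<sp:HttpsToken/></wsp:Policy></sp:TransportToken></wsp:Policy>"
             "</sp:TransportBinding>")
GOOD = policy("<wsrmp:RMAssertion/><wsrmp:SequenceSSL/>" + TRANSPORT)
BARE = policy("<wsrmp:RMAssertion/><wsrmp:SequenceSSL/>")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BARE", BARE)):
        print(name, check_policy(doc) or "ok")
```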

