OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-rx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: Preference for STR-based solution to identifying Token used to protect a RM Sequence

Forwarded from Hal . .

> -----Original Message-----
> From: Hal Lockhart 
> Sent: Wednesday, July 12, 2006 5:14 PM
> To: Gilbert Pilz
> Subject: Preference for STR-based solution to identifying 
> Token used to protect a RM Sequence
> 
> Having looked at the latest proposal from Oracle, using the 
> usage label, as well as their slide deck relating to 
> implementation issues, I still believe the STR-based approach 
> proposed by IBM & MSFT, is superior.
> 
> 1. The STR approach will not require that existing WSS logic 
> be altered.
> 
> 2. The STR approach allows a variant of the same solution to 
> be used when a Security header is not present, i.e. when 
> SSL/TLS is used.
> 
> 3. The usage label approach in my view entangles the 
> processing of the security and RM layers, whereas the STR 
> approach permits cleaner layering. In particular, the 
> Security layer will have to know what portions of the message 
> constitute an RM sequence and thus require protection.
> 
> 4. I don't believe the usage label approach can easily handle 
> multiple services, sequences and tokens without introducing 
> additional ad hoc rules.
> 
> The slides provided Oracle presume a particular and in my 
> view peculiar implementation. In particular the logic to 
> handle signatures protecting RM sequences will be different 
> from that of applications and other services using 
> signatures. The analysis only shows one step (create 
> sequence) in the entire process, omitting steps such as 
> secure conversation setup and sequence transmission. As 
> mentioned above, it appears that the security layer will be 
> required to identify what elements must be protected when 
> transmitting a sequence.
> 
> I acknowledge that the STR-based approach requires making use 
> of the schema defining the STR, but I expect this to be 
> stable and widely known and thus able to be used in a 
> "canned" way. Thus I am not concerned about this issue.
> 
> Hal

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]