Subject: issue 003: use of the term binding in SecurityPolicy
At the F2F, I had asked a question about the use of the term security binding in Security Policy and as to what was intended by use of this term. My comments here are limited to this issue.

The policy document does include a definition for this term in Section 1.4, 2.3 (definition at an abstract level) and a more precise definition for security binding assertion in Section 7.

(1) The terms Security Binding Property and Security Binding Property Assertion are defined in lines 76 and 79-80 but not otherwise used elsewhere. I would suggest these terms be removed.

(2) proposed changes to Security Binding definition (Section 2.3)

lines 227 - 234 provide a detailed definition of binding. I would propose the following changes:

line 228: replace by "The set of acceptable tokens and the means of their binding to messages"

line 229: I don't see any "key transfer" mechanisms described in any of the bindings. In any case, I don't understand what "key transfer" means and it isn't listed in my copy of the handbook of applied crypto.

line 230: Add "in the SOAP header"

line 233: Delete. I don't believe any of the bindings described in this document provide this facility.

Add new line: Various parameters, including those describing the algorithms to be used for normalization, signing and encryption.

-------------------------------------------------------------------------------
prateek