OASIS Mailing List Archives

ws-sx message



Subject: issue 003: use of the term binding in SecurityPolicy


At the F2F, I had asked a question about the use of the term security binding in Security Policy and as to what was intended by use of this term. My comments here are limited to this issue.

The policy document does include a definition for this term in Section 1.4, 2.3 (definition at an abstract level) and a more precise definition for security binding assertion in Section 7.

(1) The terms Security Binding Property and Security Binding Property Assertion are defined in lines 76 and 79-80 but not otherwise used elsewhere. I would suggest these terms be removed.

(2) Proposed changes to Security Binding definition (Section 2.3)

Lines 227-234 provide a detailed definition of binding. I would propose the following changes:

line 228: Replace by "The set of acceptable tokens and the means of their binding to messages"

line 229: I don't see any "key transfer" mechanisms described in any of the bindings. In any case, I don't understand what "key transfer" means and it isn't listed in my copy of the handbook of applied crypto.

line 230: Add "in the SOAP header"

line 233: Delete. I don't believe any of the bindings described in this document provide this facility.

Add new line: Various parameters, including those describing the algorithms to be used for normalization, signing and encryption.

-------------------------------------------------------------------------------
prateek


