Subject: Issue i009 - Proposal
This proposal is intended to allow the Asymmetric Binding to permit the use of distinct key pairs for encryption and signing.

Replace the text at the beginning of WS-SP section 8.5:

----
The AsymmetricBinding assertion is used in scenarios in which message protection is provided by means defined in WSS: SOAP Message Security. This binding has two binding specific token properties; [Initiator Token] and [Recipient Token]. If the message pattern requires multiple messages, this binding defines that the [Initiator Token] is used for the message signature from initiator to the recipient, and for encryption from recipient to initiator. The [Recipient Token] is used for encryption from initiator to recipient, and for the message signature from recipient to initiator.
----

With:

----
The AsymmetricBinding assertion is used in scenarios in which message protection is provided by means defined in WSS: SOAP Message Security using asymmetric key (Public Key) technology. Commonly used asymmetric algorithms, such as RSA, allow the same key pair to be used for both encryption and signature. However, it is also common practice to use distinct keys for encryption and signature, because of their different lifecycles. This binding enables either of these practices by means of four binding specific token properties: [Initiator Token], [Recipient Token], [Initiator Signature Token], [Initiator Encryption Token], [Recipient Signature Token] and [Recipient Encryption Token].

If the same key pair is used for signature and encryption, the [Initiator Token] and [Recipient Token] properties are used. If the message pattern requires multiple messages, this binding defines that the [Initiator Token] is used for the message signature from initiator to the recipient, and for encryption from recipient to initiator. The [Recipient Token] is used for encryption from initiator to recipient, and for the message signature from recipient to initiator.

If distinct key pairs are used for signature and encryption, the [Initiator Signature Token], [Initiator Encryption Token], [Recipient Signature Token] and [Recipient Encryption Token] properties are used. If the message pattern requires multiple messages, the [Initiator Signature Token] is used for the message signature from initiator to the recipient. The [Initiator Encryption Token] is used for the response message encryption from recipient to the initiator. The [Recipient Signature Token] is used for the response message signature from recipient to the initiator. The [Recipient Encryption Token] is used for the message encryption from initiator to the recipient. Note that in each case, the token is associated with the party (initiator or recipient) who knows the secret.
----

Immediately below the text:

----
/sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.
----

Insert:

----
/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken
This assertion indicates a requirement for an Initiator Signature Token. The specified token populates the [Initiator Signature Token] property and is used for the message signature from initiator to recipient.

/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.

/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken
This assertion indicates a requirement for an Initiator Encryption Token. The specified token populates the [Initiator Encryption Token] property and is used for the message encryption from recipient to initiator.

/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.

/sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken
This assertion indicates a requirement for a Recipient Signature Token. The specified token populates the [Recipient Signature Token] property and is used for the message signature from recipient to initiator.

/sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.

/sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken
This assertion indicates a requirement for a Recipient Encryption Token. The specified token populates the [Recipient Encryption Token] property and is used for encryption from initiator to recipient.

/sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.
----

Hal
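As an added illustration, not part of this proposal or of the WS-SecurityPolicy text, the following Python resolver parses an AsymmetricBinding fragment and applies the rule above (a token belongs to the party that knows the secret) to work out which token property signs and which encrypts the request and the response, accepting either the two shared-key properties or the four split ones and rejecting a mixed or incomplete set. The namespace URIs, the sp:X509Token content and the sample policies are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespace URIs below are assumptions (WS-SecurityPolicy 1.2 / WS-Policy 1.5);
# substitute the versions your policy actually declares.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://www.w3.org/ns/ws-policy"
SHARED = ("InitiatorToken", "RecipientToken")
SPLIT = ("InitiatorSignatureToken", "InitiatorEncryptionToken",
         "RecipientSignatureToken", "RecipientEncryptionToken")

def nested_tokens(binding, name):
    """Local names of token assertions under sp:<name>/wsp:Policy; None if sp:<name> is absent."""
    el = binding.find(f"{{{SP}}}{name}")
    if el is None:
        return None
    policy = el.find(f"{{{WSP}}}Policy")
    return [] if policy is None else [c.tag.split("}")[-1] for c in policy]

def resolve_roles(policy_xml):
    """Return which token property signs and which encrypts the request and the response.
    Rule from the proposal: a token always belongs to the party that knows the secret."""
    root = ET.fromstring(policy_xml)
    binding = root.find(f".//{{{SP}}}AsymmetricBinding/{{{WSP}}}Policy")
    if binding is None:
        raise ValueError("no sp:AsymmetricBinding found")
    present = {n: nested_tokens(binding, n) for n in SHARED + SPLIT}
    shared = all(present[n] is not None for n in SHARED)
    split = all(present[n] is not None for n in SPLIT)
    if shared == split:  # neither form is complete, or both are mixed together
        raise ValueError("need [Initiator Token]+[Recipient Token] or all four split properties")
    for n in (SHARED if shared else SPLIT):
        if not present[n]:  # the nested wsp:Policy MUST identify one or more token assertions
            raise ValueError(f"sp:{n}/wsp:Policy identifies no token assertion")
    if shared:
        return {"request": {"signature": "InitiatorToken", "encryption": "RecipientToken"},
                "response": {"signature": "RecipientToken", "encryption": "InitiatorToken"}}
    return {"request": {"signature": "InitiatorSignatureToken",
                        "encryption": "RecipientEncryptionToken"},
            "response": {"signature": "RecipientSignatureToken",
                         "encryption": "InitiatorEncryptionToken"}}

def token_element(name):  # builds one token property for the constructed samples below
    return f"<sp:{name}><wsp:Policy><sp:X509Token/></wsp:Policy></sp:{name}>"

def sample_policy(*names):
    """Constructed sample: an AsymmetricBinding holding the named token properties."""
    return (f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><sp:AsymmetricBinding><wsp:Policy>'
            + "".join(token_element(n) for n in names)
            + "</wsp:Policy></sp:AsymmetricBinding></wsp:Policy>")
```

Calling `resolve_roles(sample_policy(*SPLIT))` maps the response encryption to `InitiatorEncryptionToken`, i.e. the key pair the initiator holds, exactly as the proposal text specifies.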