OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] Issue 29: Which token to use to encrypt/sign in case of multiple tokens defined in a supporting token assertion?

Comments inline

Cheers

Gudge 

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
> Sent: 09 February 2006 20:47
> To: Dittmann, Werner; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 29: Which token to use to encrypt/sign 
> in case of multiple tokens defined in a supporting token assertion?
> 
> This is now logged as issue 29.
> 
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/ 
> 
> 
> -----Original Message-----
> From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
> Sent: Thursday, February 09, 2006 12:14 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: [ws-sx] NEW Issue: Which token to use to encrypt/sign in case
> of multiple tokens defined in a supporting token assertion?
> 
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
> 
> The issues coordinators will notify the list when that has occurred.
> 
> Protocol:  ws-sp
> ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf
> 
> Artifact:  spec
> 
> Type: design
> 
> Title: Which token to use to encrypt/sign in case of multiple tokens
> defined in a supporting token assertion?
> 
> Description:
> 
> Every supporting token can have more than one token assertion, e.g.
> X509 token assertions. If there are more than one such token assertion
> which on shall be used to sign/encrypt additional SignedParts or
> EncryptedParts if some are definied?

[MJG]
All of them should sign and encrypt the various message parts. Ordering
of elements (tokens, referencelists etc. ) in the security header would
have to be used to determine which order encryptions occurred in.

That said, I think it's more likely that different tokens will be used
to encrypt different message parts.

> 
> Related issues:
> none
> 
> Proposed Resolution:
> 
> Define and insert some clarification.
> 
> Werner Dittmann
> Siemens COM MN CC BD TO
> mailto:Werner.Dittmann@siemens.com
> Tel:   +49(0)89 636 50265
> Mobil: +49(0)172 85 85 245
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]