

Subject: RE: [ws-sx] Issue 25: Chap. 6.5 [Token protection] conflicts with chapter 8.3 and 8.4.


Comments inline

Cheers

Gudge 

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
> Sent: 09 February 2006 20:40
> To: Dittmann, Werner; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 25: Chap. 6.5 [Token protection] 
> conflicts with chapter 8.3 and 8.4.
> 
> This is now logged as issue 25.
> 
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/ 
> 
> 
> -----Original Message-----
> From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
> Sent: Thursday, February 09, 2006 12:06 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: [ws-sx] NEW Issue: Chap. 6.5 [Token protection] 
> conflicts with
> chapter 8.3 and 8.4.
> 
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
> 
> The issues coordinators will notify the list when that has occurred.
> 
> Protocol:  ws-sp
> ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf
> 
> Artifact:  spec
> 
> Type: design
> 
> Title: Chap. 6.5 [Token protection] conflicts with chapter 
> 8.3 and 8.4.
> 
> Description:
> 
> If the policy uses EndorsingSupportingTokens _and_ sets [Token
> Protection] then I have the same behaviour as defined for
> SignedEndorsingSupportingTokens. Is that true? 
> 
> On the other hand if I use SignedEndorsingSupportingTokens and do
> _not_ set [Token Protection] - what should be the result in that case?

[MJG]
I think the two things are different;

If [Token Protection] is true, then each signature covers the token that
generated it. So the main signature (the one over the message headers
and body) covers the main token (e.g. [Protection Token] in a symmetric
binding). Endorsing signatures cover the endorsing token.

For a Signed*SupportingToken the supporting token is covered by the
*main* message signature.

If you have a SignedEndorsingSupportingToken *and* [Token Protection] is
set to 'true' then the supporting token is signed twice, once by the
main signature and once by the endorsing signature.

> 
> Related issues:
> 
> 
> Proposed Resolution:
> Clarify behaviour of these interdependencies.
> 
> 
> Werner Dittmann
> Siemens COM MN CC BD TO
> mailto:Werner.Dittmann@siemens.com
> Tel:   +49(0)89 636 50265
> Mobil: +49(0)172 85 85 245
> 
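
The coverage rules stated in the [MJG] reply, as an added example that is not part of the original message or of the WS-SecurityPolicy specification: it computes which signatures must cover each token for the two cases raised in the issue, and reports coverage missing from a received message. All names (`SupportingToken`, `expected_coverage`, `missing_coverage`, the token ids) are hypothetical, and only token coverage is modelled, not what else each signature signs.

```python
from dataclasses import dataclass

MAIN = "main-signature"  # the signature over the message headers and body


@dataclass(frozen=True)
class SupportingToken:
    token_id: str
    signed: bool     # policy used a Signed*SupportingTokens assertion
    endorsing: bool  # policy used an *EndorsingSupportingTokens assertion


def endorsing_sig(token_id):
    """Label for the endorsing signature generated by a given token."""
    return f"endorsing-signature:{token_id}"


def expected_coverage(main_token_id, supporting, token_protection):
    """Map each token id to the set of signatures that must cover it."""
    # [Token Protection]: each signature covers the token that generated it.
    cover = {main_token_id: {MAIN} if token_protection else set()}
    for tok in supporting:
        sigs = set()
        if tok.signed:
            # Signed*: the supporting token is covered by the main signature.
            sigs.add(MAIN)
        if tok.endorsing and token_protection:
            sigs.add(endorsing_sig(tok.token_id))
        cover[tok.token_id] = sigs
    return cover


def missing_coverage(expected, observed):
    """Return sorted (token, signature) pairs required but not observed."""
    return sorted(
        (tok, sig)
        for tok, sigs in expected.items()
        for sig in sigs - observed.get(tok, set())
    )


if __name__ == "__main__":
    # Constructed sample: SignedEndorsing token with [Token Protection] true,
    # checked against a message where only the main signature covers it.
    tok = SupportingToken("x509-1", signed=True, endorsing=True)
    want = expected_coverage("prot-token", [tok], token_protection=True)
    seen = {"prot-token": {MAIN}, "x509-1": {MAIN}}
    print(want)
    print(missing_coverage(want, seen))
```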

