Subject: AW: [ws-sx] Issue 25: Chap. 6.5 [Token protection] conflicts with chapter 8.3 and 8.4.
Can we put this clarification into the spec? I would propose to insert it somewhere at the beginning of chap 8 as something like "How [Token Protection] interacts with supporting tokens" Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Martin Gudgin [mailto:firstname.lastname@example.org] > Gesendet: Mittwoch, 15. Februar 2006 00:30 > An: Marc Goodner; Dittmann, Werner; email@example.com > Betreff: RE: [ws-sx] Issue 25: Chap. 6.5 [Token protection] > conflicts with chapter 8.3 and 8.4. > > Comments inline > > Cheers > > Gudge > > > -----Original Message----- > > From: Marc Goodner [mailto:firstname.lastname@example.org] > > Sent: 09 February 2006 20:40 > > To: Dittmann, Werner; email@example.com > > Subject: [ws-sx] Issue 25: Chap. 6.5 [Token protection] > > conflicts with chapter 8.3 and 8.4. > > > > This is now logged as issue 25. > > > > Marc Goodner > > Technical Diplomat > > Microsoft Corporation > > Tel: (425) 703-1903 > > Blog: http://spaces.msn.com/mrgoodner/ > > > > > > -----Original Message----- > > From: Dittmann, Werner [mailto:firstname.lastname@example.org] > > Sent: Thursday, February 09, 2006 12:06 AM > > To: email@example.com > > Cc: Marc Goodner > > Subject: [ws-sx] NEW Issue: Chap. 6.5 [Token protection] > > conflicts with > > chapter 8.3 and 8.4. > > > > PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON > THREAD UNTIL > > THE ISSUE IS ASSIGNED A NUMBER. > > > > The issues coordinators will notify the list when that has occurred. > > > > Protocol: ws-sp > > ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf > > > > Artifact: spec > > > > Type: design > > > > Title: Chap. 6.5 [Token protection] conflicts with chapter > > 8.3 and 8.4. > > > > Description: > > > > If the policy uses EndorsingSupportingTokens _and_ sets [Token > > Protection] then I have the same behaviour as defined for > > SignedEndorsingSupportingTokens. Is that true? > > > > On the other hand if I use SignedEndorsingSupportingTokens and do > > _not_ set [Token Protection] - what should be the result in > that case? > > [MJG] > I think the two things are different; > > If [Token Protection] is true, then each signature covers the > token that > generated it. So the main signature ( the one over the message headers > and body ) covers the main token (e.g. [Protection Token] in > a symmetric > binding). Endorsing signatures cover the endorsing token. > > For a Signed*SupportingToken the supporting token is covered by the > *main* message signature. > > If you have a SignedEndorsingSupportingToken *and* [Token > Protection] is > set to 'true' then the supporting token is signed twice, once by the > main signature and once by the endorsing signature. > > > > > Related issues: > > > > > > Proposed Resolution: > > Clarify behaviour of these interdependencies. > > > > > > Werner Dittmann > > Siemens COM MN CC BD TO > > mailto:Werner.Dittmann@siemens.com > > Tel: +49(0)89 636 50265 > > Mobil: +49(0)172 85 85 245 > > >