Re: AW: [ws-sx] Issue 28: Multiple supporting tokens of the same type?

[Anthony Nadalin <drsecure@us.ibm.com>]

The intention is not force that we have to have policies for each interop scenario, so these would be at most optional

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Dittmann, Werner" <werner.dittmann@siemens.com>

"Dittmann, Werner" <werner.dittmann@siemens.com>

02/17/2006 02:44 AM

To	"Paul Cotton" <Paul.Cotton@microsoft.com>
cc	<ws-sx@lists.oasis-open.org>
Subject	AW: [ws-sx] Issue 28: Multiple supporting tokens of the same type?

Paul,

I've tried to define policies for the interop scenarios #1
and #2 (Document: wss-interop1-draft-06). This wasn't
possible because I couldn't define the parameters (nonce,
created, passwordtype) of the required Usernametokens.

To make it more easier to understand WSP I would propose
that the WSP TC tries to setup policies for the WSS interop
scenarios, including the inclusion of the policies into the
interop WSDLs. I'm open to support such an activity.

Regards,
Werner

> -----Ursprüngliche Nachricht-----
> Von: Paul Cotton [mailto:Paul.Cotton@microsoft.com]
> Gesendet: Freitag, 17. Februar 2006 03:21
> An: Dittmann, Werner
> Cc: ws-sx@lists.oasis-open.org
> Betreff: RE: [ws-sx] Issue 28: Multiple supporting tokens of
> the same type?
>
> > What I would also like to see is a better mapping to
> > the WS Security specification. IMHO some of the interop
> > uses cases of WS Security can not described with WSP.
>
> Can you please describe the specific interop use cases that
> are not covered?
>
> /paulc
>
> Paul Cotton, Microsoft Canada
> 17 Eleanor Drive, Ottawa, Ontario K2E 6A3
> Tel: (613) 225-5445 Fax: (425) 936-7329
> mailto:Paul.Cotton@microsoft.com
>
>  
>
>
>
> > -----Original Message-----
> > From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> > Sent: February 16, 2006 3:35 AM
> > To: Hal Lockhart; Martin Gudgin; Marc Goodner;
> ws-sx@lists.oasis-open.org
> > Subject: AW: [ws-sx] Issue 28: Multiple supporting tokens
> of the same
> > type?
> >
> > I support that. We are implementing a WSP parser
> > and a first version of a WSP processor that uses the
> > parsed policy to create messages according to the
> > policy.
> >
> > We came across some problems as noted in some of my
> > issues because WSP is fairly complex and IMHO in some
> > cases confusing.
> >
> > What I would also like to see is a better mapping to
> > the WS Security specification. IMHO some of the interop
> > uses cases of WS Security can not described with WSP.
> >
> > Regards,
> > Werer
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Hal Lockhart [mailto:hlockhar@bea.com]
> > > Gesendet: Mittwoch, 15. Februar 2006 16:11
> > > An: Martin Gudgin; Marc Goodner; Dittmann, Werner;
> > > ws-sx@lists.oasis-open.org
> > > Betreff: RE: [ws-sx] Issue 28: Multiple supporting tokens of
> > > the same type?
> > >
> > > I have been intending to create an issue similar to this one,
> > > so I will
> > > jump on the bandwagon.
> > >
> > > I think much more can be done to describe:
> > >
> > > 1. which assertions can appear where
> > > 2. what combinations make no sense and should either be
> > > prohibited or it
> > > should be stated they have no agreed meaning (example, encryption
> > > property applied to token)
> > > 3. how policies attached to different wsdl elements, which
> > > all apply in
> > > a given situation, interact with each other.
> > >
> > > Hal
> > >
> > > > -----Original Message-----
> > > > From: Martin Gudgin [mailto:mgudgin@microsoft.com]
> > > > Sent: Tuesday, February 14, 2006 6:22 PM
> > > > To: Marc Goodner; Dittmann, Werner; ws-sx@lists.oasis-open.org
> > > > Subject: RE: [ws-sx] Issue 28: Multiple supporting tokens
> > > of the same
> > > > type?
> > > >
> > > > Comments lines
> > > >
> > > > Cheers
> > > >
> > > > Gudge
> > > >
> > > > > -----Original Message-----
> > > > > From: Marc Goodner [mailto:mgoodner@microsoft.com]
> > > > > Sent: 09 February 2006 20:45
> > > > > To: Dittmann, Werner; ws-sx@lists.oasis-open.org
> > > > > Subject: [ws-sx] Issue 28: Multiple supporting tokens of the
> > > > > same type?
> > > > >
> > > > > This is now logged as issue 28.
> > > > >
> > > > > Marc Goodner
> > > > > Technical Diplomat
> > > > > Microsoft Corporation
> > > > > Tel: (425) 703-1903
> > > > > Blog: http://spaces.msn.com/mrgoodner/
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> > > > > Sent: Thursday, February 09, 2006 12:13 AM
> > > > > To: ws-sx@lists.oasis-open.org
> > > > > Cc: Marc Goodner
> > > > > Subject: [ws-sx] NEW Issue: Multiple supporting tokens of the
> > > > > same type?
> > > > >
> > > > > PLEASE DO NOT REPLY TO THIS EMAIL OR START A
> DISCUSSISON THREAD
> > > UNTIL
> > > > > THE ISSUE IS ASSIGNED A NUMBER.
> > > > >
> > > > > The issues coordinators will notify the list when that
> > > has occurred.
> > > > >
> > > > > Protocol:  ws-sp
> > > > > ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf
> > > > >
> > > > > Artifact:  spec
> > > > >
> > > > > Type: design
> > > > >
> > > > > Title: Multiple supporting tokens of the same type?
> > > > >
> > > > > Description:
> > > > >
> > > > > Can a Policy have more than one supporting token (of the
> > > same type),
> > > > > e.g. multiple SupportingTokens or multiple
> > > EndorsingSupportingTokens?
> > > >
> > > > [MJG]
> > > > Yes.
> > > >
> > > > >
> > > > > Related issues:
> > > > > none
> > > > >
> > > > > Proposed Resolution:
> > > > >
> > > > > IMHO we need an "overall" ws-sp outline to define
> which assertions
> > > are
> > > > > allowed at a specific level, for example similar to
> > > > > (a)symmetric binding
> > > > > outline but for to top level policy file.
> > > >
> > > > [MJG]
> > > > The intent of Appendix A ( and other text in the spec
> that talks to
> > > the
> > > > scope of the various assertions ) is to specify which
> assertions can
> > > > appear on which WSDL constructs. I'm not sure it makes
> any sense to
> > > > specify such things in terms of location in a policy file...
> > > >
> > > > >
> > > > > Werner Dittmann
> > > > > Siemens COM MN CC BD TO
> > > > > mailto:Werner.Dittmann@siemens.com
> > > > > Tel:   +49(0)89 636 50265
> > > > > Mobil: +49(0)172 85 85 245
> > > > >
> > >
>