Subject: RE: [ws-sx] Issue i009 - Proposal
Hal,

Here is my amendment to your proposal as discussed on the calls. I wasn't sure what the easiest way to illustrate diffs was, so I've just reproduced your proposal and edited it, hope this is OK...

Gudge

Replace the text at the beginning of WS-SP section 8.5:

----
The AsymmetricBinding assertion is used in scenarios in which message protection is provided by means defined in WSS: SOAP Message Security. This binding has two binding specific token properties; [Initiator Token] and [Recipient Token]. If the message pattern requires multiple messages, this binding defines that the [Initiator Token] is used for the message signature from initiator to the recipient, and for encryption from recipient to initiator. The [Recipient Token] is used for encryption from initiator to recipient, and for the message signature from recipient to initiator.
----

With:

----
The AsymmetricBinding assertion is used in scenarios in which message protection is provided by means defined in WSS: SOAP Message Security using asymmetric key (Public Key) technology. Commonly used asymmetric algorithms, such as RSA, allow the same key pair to be used for both encryption and signature. However, it is also common practice to use distinct keys for encryption and signature, because of their different lifecycles.

This binding enables either of these practices by means of four binding specific token properties: [Initiator Signature Token], [Initiator Encryption Token], [Recipient Signature Token] and [Recipient Encryption Token].

If the same key pair is used for signature and encryption, then [Initiator Signature Token] and [Initiator Encryption Token] will both refer to the same token. Likewise [Recipient Signature Token] and [Recipient Encryption Token] will both refer to the same token. If distinct key pairs are used for signature and encryption, then [Initiator Signature Token] and [Initiator Encryption Token] will refer to different tokens. Likewise [Recipient Signature Token] and [Recipient Encryption Token] will refer to different tokens.

If the message pattern requires multiple messages, the [Initiator Signature Token] is used for the message signature from initiator to the recipient. The [Initiator Encryption Token] is used for the response message encryption from recipient to the initiator. The [Recipient Signature Token] is used for the response message signature from recipient to the initiator. The [Recipient Encryption Token] is used for the message encryption from initiator to the recipient. Note that in each case, the token is associated with the party (initiator or recipient) who knows the secret.
----

Replace the text:

----
/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorToken
This assertion indicates a requirement for an Initiator Token. The specified token populates the [Initiator Token] property and is used for the message signature from initiator to recipient, and encryption from recipient to initiator.
----

With:

----
/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorToken
This assertion indicates a requirement for an Initiator Token. The specified token populates the [Initiator Signature Token] and [Initiator Encryption Token] properties and is used for the message signature from initiator to recipient, and encryption from recipient to initiator.
----

Replace the text:

----
/sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken
This assertion indicates a requirement for a Recipient Token. The specified token populates the [Recipient Token] property and is used for encryption from initiator to recipient, and for the message signature from recipient to initiator.
----

With:

----
/sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken
This assertion indicates a requirement for a Recipient Token. The specified token populates the [Recipient Signature Token] and [Recipient Encryption Token] properties and is used for encryption from initiator to recipient, and for the message signature from recipient to initiator.
----

Immediately below the text:

----
/sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.
----

Insert:

----
/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken
This assertion indicates a requirement for an Initiator Signature Token. The specified token populates the [Initiator Signature Token] property and is used for the message signature from initiator to recipient.
/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.
/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken
This assertion indicates a requirement for an Initiator Encryption Token. The specified token populates the [Initiator Encryption Token] property and is used for the message encryption from recipient to initiator.
/sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.
/sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken
This assertion indicates a requirement for a Recipient Signature Token. The specified token populates the [Recipient Signature Token] property and is used for the message signature from recipient to initiator.
/sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.
/sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken
This assertion indicates a requirement for a Recipient Encryption Token. The specified token populates the [Recipient Encryption Token] property and is used for encryption from initiator to recipient.
/sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken/wsp:Policy
The policy contained here MUST identify one or more token assertions.
----

> -----Original Message-----
> From: Hal Lockhart [mailto:hlockhar@bea.com]
> Sent: 14 February 2006 21:22
> To: ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue i009 - Proposal
>
> This proposal is intended to allow the Asymmetric Binding to permit the use of distinct key pairs for encryption and signing.
>
> Replace the text at the beginning of WS-SP section 8.5:
>
> ----
> The AsymmetricBinding assertion is used in scenarios in which message protection is provided by means defined in WSS: SOAP Message Security. This binding has two binding specific token properties; [Initiator Token] and [Recipient Token]. If the message pattern requires multiple messages, this binding defines that the [Initiator Token] is used for the message signature from initiator to the recipient, and for encryption from recipient to initiator. The [Recipient Token] is used for encryption from initiator to recipient, and for the message signature from recipient to initiator.
> ----
>
> With:
>
> ----
> The AsymmetricBinding assertion is used in scenarios in which message protection is provided by means defined in WSS: SOAP Message Security using asymmetric key (Public Key) technology. Commonly used asymmetric algorithms, such as RSA, allow the same key pair to be used for both encryption and signature. However, it is also common practice to use distinct keys for encryption and signature, because of their different lifecycles.
>
> This binding enables either of these practices by means of four binding specific token properties: [Initiator Token], [Recipient Token], [Initiator Signature Token], [Initiator Encryption Token], [Recipient Signature Token] and [Recipient Encryption Token].
>
> If the same key pair is used for signature and encryption, the [Initiator Token] and [Recipient Token] properties are used. If the message pattern requires multiple messages, this binding defines that the [Initiator Token] is used for the message signature from initiator to the recipient, and for encryption from recipient to initiator. The [Recipient Token] is used for encryption from initiator to recipient, and for the message signature from recipient to initiator.
>
> If distinct key pairs are used for signature and encryption, the [Initiator Signature Token], [Initiator Encryption Token], [Recipient Signature Token] and [Recipient Encryption Token] properties are used. If the message pattern requires multiple messages, the [Initiator Signature Token] is used for the message signature from initiator to the recipient. The [Initiator Encryption Token] is used for the response message encryption from recipient to the initiator. The [Recipient Signature Token] is used for the response message signature from recipient to the initiator. The [Recipient Encryption Token] is used for the message encryption from initiator to the recipient. Note that in each case, the token is associated with the party (initiator or recipient) who knows the secret.
> ----
>
> Immediately below the text:
>
> ----
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
> ----
>
> Insert:
>
> ----
> /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken
> This assertion indicates a requirement for an Initiator Signature Token. The specified token populates the [Initiator Signature Token] property and is used for the message signature from initiator to recipient.
> /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
> /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken
> This assertion indicates a requirement for an Initiator Encryption Token. The specified token populates the [Initiator Encryption Token] property and is used for the message encryption from recipient to initiator.
> /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken
> This assertion indicates a requirement for a Recipient Signature Token. The specified token populates the [Recipient Signature Token] property and is used for the message signature from recipient to initiator.
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken
> This assertion indicates a requirement for a Recipient Encryption Token. The specified token populates the [Recipient Encryption Token] property and is used for encryption from initiator to recipient.
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
> ----
>
>
> Hal
>
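The property-population rules in the amended text above, worked through as an added example (this is not code from the proposal, the WS-SX TC or any WS-SecurityPolicy implementation): a small Python checker reads an sp:AsymmetricBinding policy and determines which of the four binding properties each token assertion fills, so that a policy reviewer can see at a glance whether a party's signature and encryption keys are the same token (sp:InitiatorToken / sp:RecipientToken) or distinct (the four new assertions), and which message direction each property protects. It also enforces the "MUST identify one or more token assertions" rule on the nested wsp:Policy. The namespace URIs, the sp:X509Token token assertion used inside the nested policies, the two sample policies and the rule that no property may be populated by two assertions are all assumptions made for this example, not statements of the proposal.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions for this example; the proposal uses only
# the sp: and wsp: prefixes.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
NS = {"sp": SP, "wsp": WSP}

# Which binding property (or properties) each assertion populates, following
# the amended text: the combined assertions fill both of their party's
# properties, the four specific assertions fill exactly one each.
ASSERTION_TO_PROPERTIES = {
    "InitiatorToken": ("Initiator Signature Token", "Initiator Encryption Token"),
    "RecipientToken": ("Recipient Signature Token", "Recipient Encryption Token"),
    "InitiatorSignatureToken": ("Initiator Signature Token",),
    "InitiatorEncryptionToken": ("Initiator Encryption Token",),
    "RecipientSignatureToken": ("Recipient Signature Token",),
    "RecipientEncryptionToken": ("Recipient Encryption Token",),
}

# What each property protects, per the amended text (the token always
# belongs to the party that knows the private key).
PROPERTY_TO_USE = {
    "Initiator Signature Token": "signature, initiator -> recipient",
    "Initiator Encryption Token": "encryption, recipient -> initiator",
    "Recipient Signature Token": "signature, recipient -> initiator",
    "Recipient Encryption Token": "encryption, initiator -> recipient",
}


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.split("}", 1)[1] if tag.startswith("{") else tag


def resolve_binding_properties(policy_xml):
    """Map each populated binding property to (assertion name, [token assertions]).

    Raises ValueError when a token assertion's nested wsp:Policy names no token
    (the text says it MUST identify one or more) or when two assertions would
    populate the same property (assumed here to be an authoring error; the
    proposal does not spell out that case).
    """
    root = ET.fromstring(policy_xml)
    binding = root.find(".//sp:AsymmetricBinding/wsp:Policy", NS)
    if binding is None:
        raise ValueError("no sp:AsymmetricBinding/wsp:Policy in policy")
    props = {}
    for child in binding:
        name = _local(child.tag)
        if not child.tag.startswith("{" + SP + "}") or name not in ASSERTION_TO_PROPERTIES:
            continue  # other binding assertions are not token properties
        nested = child.find("wsp:Policy", NS)
        tokens = [] if nested is None else [_local(t.tag) for t in nested]
        if not tokens:
            raise ValueError(f"sp:{name}/wsp:Policy MUST identify one or more token assertions")
        for prop in ASSERTION_TO_PROPERTIES[name]:
            if prop in props:
                raise ValueError(f"[{prop}] populated by both sp:{props[prop][0]} and sp:{name}")
            props[prop] = (name, tokens)
    return props


def uses_distinct_keys(props):
    """Per party: True when the signature and encryption properties come from
    different assertions (distinct key pairs), False when from the same one."""
    result = {}
    for party in ("Initiator", "Recipient"):
        sig = props.get(f"{party} Signature Token")
        enc = props.get(f"{party} Encryption Token")
        if sig is not None and enc is not None:
            result[party.lower()] = sig[0] != enc[0]
    return result


def describe(props):
    """One line per populated property: source assertion, tokens, and use."""
    return [f"[{p}] <- sp:{a} {t}: {PROPERTY_TO_USE[p]}" for p, (a, t) in props.items()]


# Constructed sample policies (not from the proposal). The first uses one key
# pair per party, the second distinct signature and encryption key pairs.
SAME_KEY_POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:InitiatorToken>
    <sp:RecipientToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:RecipientToken>
  </wsp:Policy></sp:AsymmetricBinding>
</wsp:Policy>"""

DISTINCT_KEY_POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorSignatureToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:InitiatorSignatureToken>
    <sp:InitiatorEncryptionToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:InitiatorEncryptionToken>
    <sp:RecipientSignatureToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:RecipientSignatureToken>
    <sp:RecipientEncryptionToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:RecipientEncryptionToken>
  </wsp:Policy></sp:AsymmetricBinding>
</wsp:Policy>"""

if __name__ == "__main__":
    for label, policy in (("same key pair", SAME_KEY_POLICY), ("distinct key pairs", DISTINCT_KEY_POLICY)):
        props = resolve_binding_properties(policy)
        print(label, uses_distinct_keys(props))
        for line in describe(props):
            print("  ", line)
```

Run stand-alone it prints, for each sample policy, whether each party's keys are distinct and which assertion backs each property. The useful property for a reviewer is that the output is the same four-property table in both cases, which is exactly what the amended text achieves by having sp:InitiatorToken and sp:RecipientToken populate two properties each rather than keeping six properties as in the original proposal.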