ws-sx message

Subject: RE: [ws-sx] Issue i009 - Proposal


Hal,

Here is my amendment to your proposal as discussed on the calls. I
wasn't sure what the easiest way to illustrate diffs was, so I've just
reproduced your proposal and edited it; hope this is OK...

Gudge


Replace the text at the beginning of WS-SP section 8.5:

 ----
 The AsymmetricBinding assertion is used in scenarios in which message
 protection is provided by means defined in WSS: SOAP Message Security.
 This binding has two binding specific token properties; [Initiator
 Token] and [Recipient Token]. If the message pattern requires multiple
 messages, this binding defines that the [Initiator Token] is used for
 the message signature from initiator to the recipient, and for
 encryption from recipient to initiator. The [Recipient Token] is used
 for encryption from initiator to recipient, and for the message
 signature from recipient to initiator.
 ----

 With:

 ----
 The AsymmetricBinding assertion is used in scenarios in which message
 protection is provided by means defined in WSS: SOAP Message Security
 using asymmetric key (Public Key) technology. Commonly used asymmetric
 algorithms, such as RSA, allow the same key pair to be used for both
 encryption and signature. However it is also common practice to use
 distinct keys for encryption and signature, because of their different
 lifecycles.

 This binding enables either of these practices by means of
 four binding specific token properties:
 [Initiator Signature Token], [Initiator Encryption Token], [Recipient
 Signature Token] and [Recipient Encryption Token].

 If the same key pair is used for signature and encryption, then
 [Initiator Signature Token] and [Initiator Encryption Token] will 
 both refer to the same token. Likewise [Recipient Signature Token] 
 and [Recipient Encryption Token] will both refer to the same token.

 If distinct key pairs are used for signature and encryption, then 
 [Initiator Signature Token] and [Initiator Encryption Token] will
 refer to different tokens. Likewise [Recipient Signature Token] 
 and [Recipient Encryption Token] will refer to different tokens.

 If the message pattern requires multiple messages, the [Initiator
 Signature Token] is used for the message signature from initiator to
 the recipient. The [Initiator Encryption Token] is used for the response
 message encryption from recipient to the initiator. The [Recipient
 Signature Token] is used for the response message signature from
 recipient to the initiator. The [Recipient Encryption Token] is used
 for the message encryption from initiator to the recipient. Note that in
 each case, the token is associated with the party (initiator or
 recipient) who knows the secret.
 ----

 Replace the text:

 ----
 /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorToken
 This assertion indicates a requirement for an Initiator Token. 
 The specified token populates the [Initiator Token] property and 
 is used for the message signature from initiator to recipient, 
 and encryption from recipient to initiator.
 ----

 With:

 ----
 /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorToken
 This assertion indicates a requirement for an Initiator Token. 
 The specified token populates the [Initiator Signature Token] and 
 [Initiator Encryption Token] properties and is used for the message 
 signature from initiator to recipient, and encryption from 
 recipient to initiator.
 ----

 Replace the text:

 ----
 /sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken
 This assertion indicates a requirement for a Recipient Token. 
 The specified token populates the [Recipient Token] property and 
 is used for encryption from initiator to recipient, and for the 
 message signature from recipient to initiator.
 ----

 With:

 ----
 /sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken
 This assertion indicates a requirement for a Recipient Token. 
 The specified token populates the [Recipient Signature Token] and 
 [Recipient Encryption Token] properties and is used for encryption 
 from initiator to recipient, and for the message signature from 
 recipient to initiator.
 ----

 Immediately below the text:

 ----
 /sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken/wsp:Policy
        The policy contained here MUST identify one or more token
 assertions.
 ----

 Insert:

 ----
 /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken
 This assertion indicates a requirement for an Initiator Signature
 Token. The specified token populates the [Initiator Signature Token]
 property and is used for the message signature from initiator to
 recipient.

 /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken/wsp:Policy
 The policy contained here MUST identify one or more token assertions.

 /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken
 This assertion indicates a requirement for an Initiator Encryption
 Token. The specified token populates the [Initiator Encryption Token]
 property and is used for the message encryption from recipient to
 initiator.

 /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken/wsp:Policy
 The policy contained here MUST identify one or more token assertions.

 /sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken
 This assertion indicates a requirement for a Recipient Signature
 Token. The specified token populates the [Recipient Signature Token]
 property and is used for the message signature from recipient to
 initiator.

 /sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken/wsp:Policy
 The policy contained here MUST identify one or more token assertions.

 /sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken
 This assertion indicates a requirement for a Recipient Encryption
 Token. The specified token populates the [Recipient Encryption Token]
 property and is used for encryption from initiator to recipient.

 /sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken/wsp:Policy
 The policy contained here MUST identify one or more token assertions.
 ---- 

> -----Original Message-----
> From: Hal Lockhart [mailto:hlockhar@bea.com] 
> Sent: 14 February 2006 21:22
> To: ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue i009 - Proposal
> 
> This proposal is intended to allow the Asymmetric Binding to
> permit the use of distinct key pairs for encryption and signing.
> 
> Replace the text at the beginning of WS-SP section 8.5:
> 
> ----
> The AsymmetricBinding assertion is used in scenarios in which message
> protection is provided by means defined in WSS: SOAP Message Security.
> This binding has two binding specific token properties; [Initiator
> Token] and [Recipient Token]. If the message pattern requires multiple
> messages, this binding defines that the [Initiator Token] is used for
> the message signature from initiator to the recipient, and for
> encryption from recipient to initiator. The [Recipient Token] is used
> for encryption from initiator to recipient, and for the message
> signature from recipient to initiator.
> ----
> 
> With:
> 
> ----
> The AsymmetricBinding assertion is used in scenarios in which message
> protection is provided by means defined in WSS: SOAP Message Security
> using asymmetric key (Public Key) technology. Commonly used asymmetric
> algorithms, such as RSA, allow the same key pair to be used for both
> encryption and signature. However it is also common practice to use
> distinct keys for encryption and signature, because of their different
> lifecycles.
> 
> This binding enables either of these practices by means of
> four binding specific token properties: [Initiator Token],
> [Recipient Token], [Initiator Signature Token], [Initiator Encryption
> Token], [Recipient Signature Token] and [Recipient Encryption Token].
> 
> If the same key pair is used for signature and encryption, the
> [Initiator Token] and [Recipient Token] properties are used. If the
> message pattern requires multiple messages, this binding defines that
> the [Initiator Token] is used for the message signature from initiator
> to the recipient, and for encryption from recipient to initiator. The
> [Recipient Token] is used for encryption from initiator to recipient,
> and for the message signature from recipient to initiator.
> 
> If distinct key pairs are used for signature and encryption, the
> [Initiator Signature Token], [Initiator Encryption Token], [Recipient
> Signature Token] and [Recipient Encryption Token] properties are used.
> If the message pattern requires multiple messages, the [Initiator
> Signature Token] is used for the message signature from initiator to
> the recipient. The [Initiator Encryption Token] is used for the
> response message encryption from recipient to the initiator. The
> [Recipient Signature Token] is used for the response message signature
> from recipient to the initiator. The [Recipient Encryption Token] is
> used for the message encryption from initiator to the recipient. Note
> that in each case, the token is associated with the party (initiator
> or recipient) who knows the secret.
> ----
> 
> Immediately below the text:
> 
> ----
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientToken/wsp:Policy
> The policy contained here MUST identify one or more token
> assertions.
> ----
> 
> Insert:
> 
> ----
> /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken
> This assertion indicates a requirement for an Initiator Signature
> Token. The specified token populates the [Initiator Signature Token]
> property and is used for the message signature from initiator to
> recipient.
>
> /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorSignatureToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
>
> /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken
> This assertion indicates a requirement for an Initiator Encryption
> Token. The specified token populates the [Initiator Encryption Token]
> property and is used for the message encryption from recipient to
> initiator.
>
> /sp:AsymmetricBinding/wsp:Policy/sp:InitiatorEncryptionToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
>
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken
> This assertion indicates a requirement for a Recipient Signature
> Token. The specified token populates the [Recipient Signature Token]
> property and is used for the message signature from recipient to
> initiator.
>
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientSignatureToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
>
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken
> This assertion indicates a requirement for a Recipient Encryption
> Token. The specified token populates the [Recipient Encryption Token]
> property and is used for encryption from initiator to recipient.
>
> /sp:AsymmetricBinding/wsp:Policy/sp:RecipientEncryptionToken/wsp:Policy
> The policy contained here MUST identify one or more token assertions.
> ----
> 
> 
> Hal
> 
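
Added example (mine, not code from this thread or from the WS-SecurityPolicy specification): a small Python resolver that reads an sp:AsymmetricBinding policy fragment and populates the four token properties the way the amended section 8.5 text describes, either from the combined sp:InitiatorToken / sp:RecipientToken assertions (each fills two properties with the same token) or from the four split assertions, then reports which token protects which message flow and whether a party uses one key pair or two. The namespace URIs, the sp:X509Token and sp:AlgorithmSuite / sp:Basic256 assertions in the constructed sample policies, and the "populated twice" error are my assumptions, not something this message states.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"  # assumed: published WS-SP 1.2 namespace
WSP = "http://www.w3.org/ns/ws-policy"                             # assumed: WS-Policy 1.5 namespace

# Which message flow and purpose each property serves, as laid out in the proposal text.
USAGE = {
    "InitiatorSignatureToken":  ("initiator->recipient", "signature"),
    "InitiatorEncryptionToken": ("recipient->initiator", "encryption"),
    "RecipientSignatureToken":  ("recipient->initiator", "signature"),
    "RecipientEncryptionToken": ("initiator->recipient", "encryption"),
}
# The combined assertions populate two properties each, with the same token.
COMBINED = {
    "InitiatorToken": ("InitiatorSignatureToken", "InitiatorEncryptionToken"),
    "RecipientToken": ("RecipientSignatureToken", "RecipientEncryptionToken"),
}


class TokenRef(NamedTuple):
    source: str     # the sp: assertion that populated the property
    tokens: tuple   # token assertion names found in its nested wsp:Policy


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def _token_assertions(assertion):
    """The nested wsp:Policy MUST identify one or more token assertions."""
    policy = assertion.find(f"{{{WSP}}}Policy")
    if policy is None or len(policy) == 0:
        raise ValueError(f"sp:{_local(assertion.tag)} must contain a wsp:Policy "
                         "identifying one or more token assertions")
    return tuple(_local(child.tag) for child in policy)


def resolve_token_properties(policy_xml):
    """Map each of the four token properties to the assertion and tokens that populate it."""
    root = ET.fromstring(policy_xml.strip())
    binding = root if root.tag == f"{{{SP}}}AsymmetricBinding" \
        else root.find(f".//{{{SP}}}AsymmetricBinding")
    if binding is None:
        raise ValueError("no sp:AsymmetricBinding in policy")
    nested = binding.find(f"{{{WSP}}}Policy")
    props = {}
    for child in (nested if nested is not None else []):
        name = _local(child.tag)
        if name in USAGE:
            targets = (name,)
        elif name in COMBINED:
            targets = COMBINED[name]
        else:
            continue  # AlgorithmSuite, Layout, etc. are not token properties
        ref = TokenRef(name, _token_assertions(child))
        for prop in targets:
            if prop in props:
                # Assumption: the proposal does not say how a combined and a split
                # assertion for the same party interact; treat that as a policy error.
                raise ValueError(f"[{prop}] populated twice")
            props[prop] = ref
    return props


def key_usage(props):
    """(message flow, purpose) -> TokenRef, i.e. who signs/encrypts what with which token."""
    return {USAGE[p]: ref for p, ref in props.items()}


def uses_single_key_pair(props, party):
    """True when the party's signature and encryption properties refer to the same token."""
    sig = props.get(f"{party}SignatureToken")
    enc = props.get(f"{party}EncryptionToken")
    return sig is not None and enc is not None and sig.source == enc.source


def _policy(body):
    return f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><sp:AsymmetricBinding>' \
           f'<wsp:Policy>{body}</wsp:Policy></sp:AsymmetricBinding></wsp:Policy>'


X509 = "<wsp:Policy><sp:X509Token/></wsp:Policy>"   # constructed token policy

# Constructed sample: one key pair per party, combined assertions.
LEGACY_POLICY = _policy(
    f"<sp:InitiatorToken>{X509}</sp:InitiatorToken>"
    f"<sp:RecipientToken>{X509}</sp:RecipientToken>"
    "<sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>")

# Constructed sample: distinct signing and encryption key pairs, split assertions.
SPLIT_POLICY = _policy(
    f"<sp:InitiatorSignatureToken>{X509}</sp:InitiatorSignatureToken>"
    f"<sp:InitiatorEncryptionToken>{X509}</sp:InitiatorEncryptionToken>"
    f"<sp:RecipientSignatureToken>{X509}</sp:RecipientSignatureToken>"
    f"<sp:RecipientEncryptionToken>{X509}</sp:RecipientEncryptionToken>")

# Constructed sample that violates the MUST: an empty nested wsp:Policy.
EMPTY_TOKEN_POLICY = _policy(
    "<sp:InitiatorSignatureToken><wsp:Policy/></sp:InitiatorSignatureToken>")


if __name__ == "__main__":
    for label, xml in (("combined", LEGACY_POLICY), ("split", SPLIT_POLICY)):
        props = resolve_token_properties(xml)
        print(label, "initiator single key pair:", uses_single_key_pair(props, "Initiator"))
        for (flow, purpose), ref in sorted(key_usage(props).items()):
            print(f"  {flow:22} {purpose:10} <- sp:{ref.source} {ref.tokens}")
```

Running the module prints, for each sample, the four (flow, purpose) rows and the assertion that supplies the token; the split sample shows the initiator's signing token protecting the request signature and its encryption token protecting the response, which is the "party who knows the secret" rule in the proposal.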


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]