[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] Use-Case and Proposed Solution for i010
Hi Prateek,

Thank you for explaining your scenario by pulling this document together. After reading the document it seems to me that your scenario can be done by using the current WS-Trust specification without requiring any changes. Here is how I would do that using the current specs:

I would use the WS-SecurityPolicy endorsing supporting token concept (an additional token inside the wsse:Security header that is used to sign the primary message signature); the endorsing token will represent the on-behalf-of party; this token will then be linked from within the OnBehalfOf RST element using an STR. By using an endorsing supporting token to represent the on-behalf-of party, the initiator proves possession of the endorsing supporting token's key by signing the primary message signature with it. Because the endorsing signature is contained in the message's wsse:Security header, it is not necessary to extend the OnBehalfOf element to allow signatures in it.

The advantage of this approach is that it uses existing concepts defined by WS-SecurityPolicy to represent the on-behalf-of party; it does not define a new way to represent and authenticate it.

Regardless of this, I would push back on your proposal in section 3.2.2 of your document, because I have security concerns regarding this proposal. By signing only the reference(s) to on-behalf-of tokens, you don't bind those tokens and the signature to the message instance. Therefore an attacker can take those out and use them in a different message, and the information in OnBehalfOf will still be valid. Please note that the endorsing token approach does not have this weakness, since the endorsing signature signs the primary message signature; therefore it cannot be used with any other message.

It is not clear to me why you are proposing to allow multiple STRs/tokens inside the OnBehalfOf element. Your scenario does not seem to require this, and I cannot find any other which would require using multiple tokens to identify the on-behalf-of party. Can you please help me understand why you think this is necessary?

Thanks,
--Jan

-----Original Message-----
From: Prateek Mishra [mailto:prateek.mishra@oracle.com]
Sent: Monday, February 20, 2006 2:44 PM
To: ws-sx@lists.oasis-open.org
Subject: [ws-sx] Use-Case and Proposed Solution for i010

This note follows up on the informal outline given in:
http://lists.oasis-open.org/archives/ws-sx/200602/msg00070.html
If appropriate, I can turn the attached note into a more formal submission to the TC.
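The binding argument Jan makes above (a signature that covers only the OnBehalfOf STR can be transplanted into another message, whereas an endorsing signature over the primary message signature cannot) is easy to check mechanically. The following is an added example, not code from the thread, the TC, or any WS-Trust implementation. It stands in for XML-DSig with HMAC-SHA256 and models the STS as resolving the sender's key from the sender's own token, so the attacker is simply another initiator whose key the STS trusts; the keys, the RST bodies and the STR literal are constructed for the example, and the `build_*`/`verify_*`/`transplant` helpers are hypothetical names.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed keys for the example (assumption: the STS trusts both initiators).
INITIATOR_KEY = b"initiator-signing-key"     # key behind the legitimate primary signature
ATTACKER_KEY = b"attacker-initiator-key"     # a second initiator the STS also accepts
OBO_KEY = b"on-behalf-of-party-key"          # key of the token referenced from OnBehalfOf


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 standing in for a <ds:Signature> produced with `key` over `data`."""
    return hmac.new(key, data, hashlib.sha256).digest()


def same(a: bytes, b: bytes) -> bool:
    return hmac.compare_digest(a, b)


@dataclass
class Message:
    body: bytes          # the RST content the primary signature covers
    obo_str: bytes       # the STR placed inside wst:OnBehalfOf
    obo_sig: bytes       # signature made with the on-behalf-of token's key
    primary_sig: bytes   # primary message signature made with the initiator's key


# --- Section 3.2.2 style: the on-behalf-of key signs only the reference(s) ---
def build_reference_only(body: bytes, obo_str: bytes, initiator_key: bytes) -> Message:
    return Message(body, obo_str,
                   obo_sig=mac(OBO_KEY, obo_str),                   # covers the STR only
                   primary_sig=mac(initiator_key, body + obo_str))  # covers body + STR


def verify_reference_only(m: Message, initiator_key: bytes) -> bool:
    primary_ok = same(mac(initiator_key, m.body + m.obo_str), m.primary_sig)
    obo_ok = same(mac(OBO_KEY, m.obo_str), m.obo_sig)
    return primary_ok and obo_ok


# --- Endorsing supporting token: the on-behalf-of key signs the primary signature ---
def build_endorsing(body: bytes, obo_str: bytes, initiator_key: bytes) -> Message:
    primary_sig = mac(initiator_key, body + obo_str)
    return Message(body, obo_str,
                   obo_sig=mac(OBO_KEY, primary_sig),  # endorses this message's signature
                   primary_sig=primary_sig)


def verify_endorsing(m: Message, initiator_key: bytes) -> bool:
    primary_ok = same(mac(initiator_key, m.body + m.obo_str), m.primary_sig)
    obo_ok = same(mac(OBO_KEY, m.primary_sig), m.obo_sig)
    return primary_ok and obo_ok


def transplant(victim: Message, new_body: bytes, attacker_key: bytes) -> Message:
    """Attacker lifts the OnBehalfOf STR and its signature out of a captured message
    and wraps them in a fresh RST signed with the attacker's own initiator key."""
    return Message(new_body, victim.obo_str, victim.obo_sig,
                   primary_sig=mac(attacker_key, new_body + victim.obo_str))


def demo() -> dict:
    # Constructed sample data.
    obo_str = (b'<wsse:SecurityTokenReference>'
               b'<wsse:Reference URI="#obo-token"/>'
               b'</wsse:SecurityTokenReference>')
    legit_body = b"<wst:RequestSecurityToken>issue for service A</wst:RequestSecurityToken>"
    evil_body = b"<wst:RequestSecurityToken>issue for service B</wst:RequestSecurityToken>"

    legit_ref = build_reference_only(legit_body, obo_str, INITIATOR_KEY)
    stolen_ref = transplant(legit_ref, evil_body, ATTACKER_KEY)

    legit_end = build_endorsing(legit_body, obo_str, INITIATOR_KEY)
    stolen_end = transplant(legit_end, evil_body, ATTACKER_KEY)

    return {
        "reference_only_legit": verify_reference_only(legit_ref, INITIATOR_KEY),
        "reference_only_transplanted": verify_reference_only(stolen_ref, ATTACKER_KEY),
        "endorsing_legit": verify_endorsing(legit_end, INITIATOR_KEY),
        "endorsing_transplanted": verify_endorsing(stolen_end, ATTACKER_KEY),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The reference-only variant accepts the transplanted message because nothing signed by the on-behalf-of key depends on the body or on who signed it; the endorsing variant rejects it because the attacker's primary signature differs from the one the endorsing signature was computed over, and the attacker cannot recompute that signature without the on-behalf-of key. The model leaves out what a real deployment would also rely on (asymmetric signatures, timestamps, and replay caches), which matter for freshness but do not change this binding argument.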