

Subject: RE: [ws-sx] Issue 33: Identity security header components that are encrypted when using (A)Symmetric binding


Prateek,

Paul kindly pointed me to the right thread, so I'm replying here so
maybe we can keep the threads together. Apart from this paragraph and
the text of your/Marc's mail below the content of this mail is identical
to my previous one.

I think we discussed on one of the calls, that more things were signed
than encrypted in the security header. However, certain things are
encrypted, so perhaps we should rename the issue;

"Identify security header components that are signed and/or encrypted"

Is that what you would like to clarify? Or was it just encrypted
elements? Or just signed elements?

A quick look at Appendix C turns up, for the symmetric binding at least;

SignedSupportingTokens
SignedEndorsingSupportingTokens 
[Signature Token] in the case where [Token Protection] is set to true.

as being signed and;

Message signature in the case where [Encrypt Signature] is true

as being encrypted. 

I guess I'm wondering whether it is worth stating a list of
signed/encrypted elements at the binding level given that the presence
of those elements depends on various property values and in some cases
the signing and/or encrypting depends on property values too.

Gudge 

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
> Sent: 20 February 2006 18:19
> To: Prateek Mishra; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 33: Identity security header 
> components that are encrypted when using (A)Symmetric binding
> 
> Correction, this is issue 33. 32 had already been assigned 
> and I missed
> it, apologies for my confusion.
> 
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/ 
> 
> 
> -----Original Message-----
> From: Prateek Mishra [mailto:prateek.mishra@oracle.com] 
> Sent: Friday, February 17, 2006 12:43 PM
> To: ws-sx@lists.oasis-open.org
> Subject: [ws-sx] NEW Issue: Identity security header 
> components that are
> encrypted when using (A)Symmetric binding
> 
> *PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION 
> THREAD UNTIL 
> THE ISSUE IS ASSIGNED A NUMBER.  *
> 
> *The issues coordinators will notify the list when that has occurred.*
> 
> * *
> 
> Protocol:  ws-sp
> 
> WS-SecurityPolicy
> 
>  
> 
> Artifact:  spec
> 
>  
> 
> Type:
> 
>  editorial
> 
> Title:
> 
> Identify security header components that are encrypted
> 
>  
> 
> Description:
> 
> It appears that use of the SymmetricBinding and Asymmetric binding 
> assertion implies encryption over several components of the security 
> header,
> including the timestamp, Supporting tokens and 
> SignedSupporting tokens. 
> This is not stated in the specification but can be gleaned from the
> construction given in Appendix C.
> 
> It would be helpful to implementors if this was made explicit in 
> Sections 7.3 and 7.4
> 
>  
> 
> Related issues:
> 
> [numbers of related issues, if any]
> 
>  
> 
> Proposed Resolution:
> 
> Add the following sentence to  Sections 7.4 (at end of first 
> paragraph) 
> and  7.5 (at end of first paragraph):
> 
> 
> Use of this binding assertion implies that the following tokens, if 
> present in the security header of the request or response 
> message, MUST 
> be encrypted: timestamp,
> Supporting tokens and SignedSupporting tokens.
> 
>  
> 
> 
> 
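
The dependence on property values raised in the reply above, as an added example that is not part of the original thread or of the specification: a Python check that derives which security header components must be signed or encrypted from [Token Protection] and [Encrypt Signature], then audits a constructed header against that. The role labels, the `audit` and `required_signed` names, and the sample header are assumptions made for this example; only direct `#id` references are handled.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def required_signed(roles, token_protection):
    """wsu:Ids that must be signed for the symmetric binding, per the list in the reply.
    roles maps wsu:Id -> role label (hypothetical labels used only in this example)."""
    must = {"SignedSupportingToken", "SignedEndorsingSupportingToken"}
    if token_protection:              # [Signature Token] is signed only in this case
        must.add("SignatureToken")
    return {wid for wid, role in roles.items() if role in must}

def audit(header_xml, roles, token_protection, encrypt_signature):
    """Return findings for a wsse:Security header as seen on the wire.
    Checks reference coverage only; it does not validate the signature itself."""
    sec = ET.fromstring(header_xml)
    ref_path = f"{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference"
    refs = {r.get("URI", "")[1:] for r in sec.findall(ref_path)
            if r.get("URI", "").startswith("#")}
    present = {e.get(f"{{{WSU}}}Id") for e in sec.iter()} - {None}
    findings = []
    for wid in sorted(required_signed(roles, token_protection) & present):
        if wid not in refs:
            findings.append(f"{roles[wid]} '{wid}' is not covered by the signature")
    # With [Encrypt Signature] true, the message signature must not appear in cleartext.
    if encrypt_signature and sec.find(f"{{{DS}}}Signature") is not None:
        findings.append("ds:Signature is in cleartext but [Encrypt Signature] is true")
    return findings

# Constructed sample: the signature covers the timestamp and the signed
# supporting token, but not the signature token.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <wsu:Timestamp wsu:Id="ts"/>
  <wsse:BinarySecurityToken wsu:Id="sigtok"/>
  <wsse:UsernameToken wsu:Id="ust"/>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#ts"/><ds:Reference URI="#ust"/>
  </ds:SignedInfo></ds:Signature>
</wsse:Security>"""
ROLES = {"sigtok": "SignatureToken", "ust": "SignedSupportingToken"}

if __name__ == "__main__":
    for tp, es in [(False, False), (True, False), (True, True)]:
        print(tp, es, audit(SAMPLE, ROLES, tp, es))
```

The same header passes with both properties false and fails once either is set, so a fixed per-binding list would have to be stated conditionally on those properties.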

