
ws-sx message



Subject: Re: [ws-sx] Issue 33: Identity security header components that are encrypted when using (A)Symmetric binding


<PM> Comments below </PM>

>Paul kindly pointed me to the right thread, so I'm replying here so
>maybe we can keep the threads together. Apart from this paragraph and
>the text of your/Marc's mail below the content of this mail is identical
>to my previous one.
>
>I think we discussed on one of the calls, that more things were signed
>than encrypted in the security header. However, certain things are
>encrypted, so perhaps we should rename the issue;
>
>"Identify security header components that are signed and/or encrypted"
>
>  
>
<PM> Agreed, this is a more comprehensive way to approach this question.
Given a security policy based on asymmetric/symmetric binding
it is hard to authoritatively figure out which headers are signed and/or
encrypted. I am spending some time on this with our engineers and I
believe it will lead to an interoperability issue.
</PM>

>Is that what you would like to clarify? Or was it just encrypted
>elements? Or just signed elements?
>
>  
>
>A quick look at Appendix C turns up, for the symmetric binding at least;
>
>SignedSupportingTokens
>SignedEndorsingSupportingTokens 
>[Signature Token] in the case where [Token Protection] is set to true.
>
>as being signed and;
>
>Message signature in the case where [Encrypt Signature] is true
>
>as being encrypted. 
>
>I guess I'm wondering whether it is worth stating a list of
>signed/encrypted elements at the binding level given that the presence
>of those elements depends on various property values and in some cases
>the signing and/or encrypting depends on property values too.
>
>  
>
<PM> How about a table that captures your comments above? We would need 
to fill it out with some more details.

For example, are [Signed] Supporting Tokens always encrypted?

Do the rules apply to both requests and responses?
</PM>



