OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: NEW Issue: Clarification on RequireDerivedKeys and X509Token underAsymmetricBinding


PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.  
The issues coordinators will notify the list when that has occurred.

Protocol:  ws-sp 

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/17389/ws-securitypolicy-1.2-spec-ed-01-r05.pdf

Artifact: spec

Type:[design / editorial]

Title: Clarification on RequireDerivedKeys and X509Token under AsymmetricBinding


Description:

What does it mean when we have X509Token( with RequireDerivedKeys assertion) under
Initiator Token and Recipient Token of AsymmetricBinding. How are the keys derived when
this is the policy configuration.

Trying to apply lines 795 and 796 apply here, should one generate two symmetric keys one for 
Initiator Token and Recipient Token, both encrypted for the recipient ?. 
If the above is true then is the statement "encrypted with the key material associated with the token."
on line 796 correct?.
Eg: The Key associated with InitiatorToken on the client side is a client certificate and not the recipient certificate.


Related issues:

None

Proposed Resolution:

None



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]