OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] Issue 54: [ Clarification on Signature Protection property and various SupportingTokens]

[Signature Protection] is about encrypting a ds:Signature element only
applies to the primary signature. The reason for encrypting the primary
signature is low-entropy signature targets. Supporting signatures do not
have low-entropy signature targets.

From Section 6.4;

	If the value is 'true', the primary signature MUST be encrypted
and any signature confirmation elements MUST also be encrypted. 

[Token Protection] is about encrypting a security token ( e.g.
saml:Assertion, wsse:BinarySecurityToken etc. ). Section 8.5 Interaction
between [Token Protection] property and supporting token assertions
discusses it's relationship with supporting token assertions.

Gudge



> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
> Sent: 31 March 2006 07:31
> To: K.Venugopal@Sun.COM; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 54: [ Clarification on Signature 
> Protection property and various SupportingTokens]
> 
> Logged as Issue 54.
> 
> 
> -----Original Message-----
> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] 
> Sent: Friday, March 31, 2006 5:08 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: NEW Issue: [ Clarification on Signature Protection 
> property and
> various SupportingTokens]
> 
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.  
> The issues coordinators will notify the list when that has occurred.
> 
> Protocol: ws-sp 
> 
> http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.ph
p/17389/ws
> -securitypolicy-1.2-spec-ed-01-r05.pdf
> 
> Artifact:  spec 
> 
> Type: design / editorial
> 
> 
> Title: Clarification on Signature Protection property and various
> SupportingTokens
> 
> Description:
> 
> How is SignatureProtection property(EncryptSignature 
> assertion ) and its
> scope different from TokenProtection property ?. When 
> SignatureProtection property is true how should one treat Signature
> elements belonging to SignedSupportingTokens/
> SignedEndorsingSupportingTokens/EndorsingSupportingTokens .
> 
> 
> Related issues:None
> 
> Proposed Resolution: None
> 
> 
> Regards,
> Venu
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]