Subject: Issue 67 : Resolving Policies if more than one SecureConversationToken is present .
Logged as issue 67.

-----Original Message-----
From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM]
Sent: Wednesday, April 12, 2006 8:42 AM
To: email@example.com
Cc: Marc Goodner
Subject: New Issue : Resolving Policies if more than one SecureConversationToken is present .

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred.

Protocol: ws-sp
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/17389/ws-securitypolicy-1.2-spec-ed-01-r05.pdf

Artifact: spec

Type: design

Title: Resolving Policies if more than one SecureConversationToken is present .

Description:
When a service has more than one SecureConversationToken defined in a policy and if the Issuer is absent, then when a client sends a RST to the service for SignatureToken, how will the service know if the request is for SignatureToken or Encryption Token? IMO RST does not have such information; it gets complicated for the service to pick the right bootstrap policy to verify the incoming message. I have attached a sample policy file to describe the problem. Appreciate if the spec recommends proper usage of SecureConversationToken and provides an ability to identify the tokens when multiple of them are allowed in the policy.

Related issues: None

Proposed Resolution: None

Regards
Venu
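
The ambiguity described in the message above, as an added example that is not part of the original email or its attached policy file: a constructed SymmetricBinding with one SecureConversationToken under SignatureToken and one under EncryptionToken, and a lookup of which bootstrap policies could apply to an incoming RST. Assumptions: the namespace URIs are those of the later published WS-SecurityPolicy 1.2, the endpoint addresses and policy names are made up, and a token without an Issuer is treated as issued by the service endpoint itself.

```python
import xml.etree.ElementTree as ET

NS = {
    "sp": "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
SERVICE = "http://service.example/svc"  # constructed service endpoint


def policy(sig_issuer=None, enc_issuer=None):
    """Build a constructed binding holding two SecureConversationTokens."""
    def sct(role, issuer, bootstrap):
        iss = (f"<sp:Issuer><wsa:Address>{issuer}</wsa:Address></sp:Issuer>"
               if issuer else "")
        return (f"<sp:{role}><wsp:Policy><sp:SecureConversationToken>{iss}"
                f"<wsp:Policy><sp:BootstrapPolicy>"
                f"<wsp:Policy Name='{bootstrap}'/>"
                f"</sp:BootstrapPolicy></wsp:Policy>"
                f"</sp:SecureConversationToken></wsp:Policy></sp:{role}>")
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f"<sp:SymmetricBinding {xmlns}><wsp:Policy>"
            + sct("SignatureToken", sig_issuer, "bootstrap-sig")
            + sct("EncryptionToken", enc_issuer, "bootstrap-enc")
            + "</wsp:Policy></sp:SymmetricBinding>")


def bootstrap_candidates(policy_xml, rst_endpoint):
    """Return (role, bootstrap policy name) pairs that an RST received at
    rst_endpoint could belong to. The RST itself carries no role hint, so
    the receiving endpoint is the only discriminator modelled here."""
    root = ET.fromstring(policy_xml)
    out = []
    for role in ("SignatureToken", "EncryptionToken"):
        path = f".//sp:{role}//sp:SecureConversationToken"
        for tok in root.findall(path, NS):
            # No sp:Issuer: assume the service issues the token itself.
            addr = tok.findtext("sp:Issuer/wsa:Address",
                                default=SERVICE, namespaces=NS)
            if addr == rst_endpoint:
                bp = tok.find(".//sp:BootstrapPolicy/wsp:Policy", NS)
                out.append((role, bp.get("Name")))
    return out


if __name__ == "__main__":
    # Issuer absent on both tokens: two bootstrap policies match one RST.
    print(bootstrap_candidates(policy(), SERVICE))
```

With both Issuer elements absent the lookup returns two candidates, which is the case the issue asks the spec to address; giving each token a distinct Issuer address narrows it to one.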