[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ws-sx] Issue 55: Clarification on RequireDerivedKeys andX509Token under AsymmetricBinding
Hi Marc,
Was out of office till 22/5/06. Will look into Martin's mail and get
back.
Thanks,
Venu
Marc Goodner wrote:
> I have not seen any further discussion of this. It sounds like the spec
> is clear on how to interpret this. I suggest we close this issue with no
> action.
>
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/
>
>
> -----Original Message-----
> From: Martin Gudgin [mailto:mgudgin@microsoft.com]
> Sent: Tuesday, May 16, 2006 9:49 PM
> To: K.Venugopal@Sun.COM; Paul Cotton
> Cc: ws-sx@lists.oasis-open.org
> Subject: RE: [ws-sx] Issue 55: Clarification on RequireDerivedKeys and
> X509Token under AsymmetricBinding
>
> I've now had chance to spend some time looking at this. Given the policy
> below I would expect the following;
>
> 1. the request message would be signed with the initiator's private
> key and encrypted with a key derived from a symmetric key that is
> encrypted with the recipient's public key.
> 2. the response message would be signed with the recipient's
> private key and encrypted with a key derived from a symmetric key that
> is encrypted with the initiator's public key.
>
> In both cases how the key is derived will be specified in the
> wsc:DerivedKeyToken in the message.
>
> Cheers
>
> Gudge
>
>
>> -----Original Message-----
>> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM]
>> Sent: 11 April 2006 10:42
>> To: Paul Cotton
>> Cc: ws-sx@lists.oasis-open.org
>> Subject: Re: [ws-sx] Issue 55: Clarification on RequireDerivedKeys and
>>
>
>
>> X509Token under AsymmetricBinding
>>
>> Hi Paul,
>>
>> Sorry for the delayed response , please see inline
>>
>> Paul Cotton wrote:
>>
>>> From today's F2F draft minutes:
>>>
>>> ===
>>> i055 Clarification on RequireDerivedKeys and X509Token under
>>> AsymmetricBinding
>>> http://lists.oasis-open.org/archives/ws-sx/200603/msg00121.html
>>>
>>> The TC discussed this issue but it was not clear what use
>>>
>> the case that
>>
>>> K. Venugopal was discussing. The TC would like him to
>>>
>> better explain
>>
>>> his use case so that we can understand the issue.
>>> ==
>>>
>>> Please clarify your use case and/or restate your questions
>>>
>> since the TC
>>
>>> does not yet understand your questions.
>>>
>>>
>>>
>> <deleted/>
>> In context to my previous mail let me know if this helps.
>>
>> If I have a policy like shown below , I would like to know how the
>> message is secured. How are the keys derived.
>>
>> <sp:AsymmetricBinding
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>> <wsp:Policy>
>> <sp:InitiatorToken>
>> <wsp:Policy>
>> <sp:X509Token
>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securit
>> ypolicy/IncludeToken/AlwaysToRecipient">
>> <wsp:Policy>
>> <sp:WssX509V3Token10 />
>> <sp:RequireDerivedKeys/>
>> </wsp:Policy>
>> </sp:X509Token>
>> </wsp:Policy>
>> </sp:InitiatorToken>
>>
>> <sp:RecipientToken>
>> <wsp:Policy>
>> <sp:X509Token
>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securit
>> ypolicy/IncludeToken/Never">
>> <wsp:Policy>
>> <sp:WssX509V3Token10 />
>> <sp:RequireDerivedKeys/>
>> </wsp:Policy>
>> </sp:X509Token>
>> </wsp:Policy>
>> </sp:RecipientToken>
>>
>> <sp:AlgorithmSuite>
>> <wsp:Policy>
>> <sp:Basic256 />
>> </wsp:Policy>
>> </sp:AlgorithmSuite>
>>
>> <sp:Layout>
>> <wsp:Policy>
>> <sp:Lax />
>> </wsp:Policy>
>> </sp:Layout>
>>
>> <sp:IncludeTimestamp />
>>
>> <sp:OnlySignEntireHeadersAndBody />
>> </wsp:Policy>
>> </sp:AsymmetricBinding>
>>
>> Thank You,
>> Venu
>>
>>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]