Subject: Re: [ws-sx] Issue 55: Clarification on RequireDerivedKeys and X509Token under AsymmetricBinding
Hi Marc,

Was out of office till 22/5/06. Will look into Martin's mail and get back.

Thanks,
Venu

Marc Goodner wrote:
> I have not seen any further discussion of this. It sounds like the spec
> is clear on how to interpret this. I suggest we close this issue with no
> action.
>
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/
>
>
> -----Original Message-----
> From: Martin Gudgin [mailto:mgudgin@microsoft.com]
> Sent: Tuesday, May 16, 2006 9:49 PM
> To: K.Venugopal@Sun.COM; Paul Cotton
> Cc: ws-sx@lists.oasis-open.org
> Subject: RE: [ws-sx] Issue 55: Clarification on RequireDerivedKeys and
> X509Token under AsymmetricBinding
>
> I've now had chance to spend some time looking at this. Given the policy
> below I would expect the following;
>
> 1. the request message would be signed with the initiator's private
>    key and encrypted with a key derived from a symmetric key that is
>    encrypted with the recipient's public key.
> 2. the response message would be signed with the recipient's
>    private key and encrypted with a key derived from a symmetric key that
>    is encrypted with the initiator's public key.
>
> In both cases how the key is derived will be specified in the
> wsc:DerivedKeyToken in the message.
>
> Cheers
>
> Gudge
>
>
>> -----Original Message-----
>> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM]
>> Sent: 11 April 2006 10:42
>> To: Paul Cotton
>> Cc: ws-sx@lists.oasis-open.org
>> Subject: Re: [ws-sx] Issue 55: Clarification on RequireDerivedKeys and
>> X509Token under AsymmetricBinding
>>
>> Hi Paul,
>>
>> Sorry for the delayed response, please see inline
>>
>> Paul Cotton wrote:
>>
>>> From today's F2F draft minutes:
>>>
>>> ===
>>> i055 Clarification on RequireDerivedKeys and X509Token under
>>> AsymmetricBinding
>>> http://lists.oasis-open.org/archives/ws-sx/200603/msg00121.html
>>>
>>> The TC discussed this issue but it was not clear what use the case that
>>> K. Venugopal was discussing. The TC would like him to better explain
>>> his use case so that we can understand the issue.
>>> ==
>>>
>>> Please clarify your use case and/or restate your questions since the TC
>>> does not yet understand your questions.
>>>
>>
>> <deleted/>
>> In context to my previous mail let me know if this helps.
>>
>> If I have a policy like shown below, I would like to know how the
>> message is secured. How are the keys derived.
>>
>> <sp:AsymmetricBinding
>>     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>   <wsp:Policy>
>>     <sp:InitiatorToken>
>>       <wsp:Policy>
>>         <sp:X509Token
>>             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>           <wsp:Policy>
>>             <sp:WssX509V3Token10 />
>>             <sp:RequireDerivedKeys/>
>>           </wsp:Policy>
>>         </sp:X509Token>
>>       </wsp:Policy>
>>     </sp:InitiatorToken>
>>
>>     <sp:RecipientToken>
>>       <wsp:Policy>
>>         <sp:X509Token
>>             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>           <wsp:Policy>
>>             <sp:WssX509V3Token10 />
>>             <sp:RequireDerivedKeys/>
>>           </wsp:Policy>
>>         </sp:X509Token>
>>       </wsp:Policy>
>>     </sp:RecipientToken>
>>
>>     <sp:AlgorithmSuite>
>>       <wsp:Policy>
>>         <sp:Basic256 />
>>       </wsp:Policy>
>>     </sp:AlgorithmSuite>
>>
>>     <sp:Layout>
>>       <wsp:Policy>
>>         <sp:Lax />
>>       </wsp:Policy>
>>     </sp:Layout>
>>
>>     <sp:IncludeTimestamp />
>>
>>     <sp:OnlySignEntireHeadersAndBody />
>>   </wsp:Policy>
>> </sp:AsymmetricBinding>
>>
>> Thank You,
>> Venu
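
Added example, not part of the thread and not written by any of its participants: a sketch of how a receiver could turn the `wsc:DerivedKeyToken` mentioned above into the actual encryption key. It assumes the token uses the default P_SHA-1 derivation and default label of WS-SecureConversation (2005/02 namespace) and that the symmetric key has already been unwrapped with the recipient's private key; the sample token, the secret and the 1024-byte size cap are constructed for this example.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSC = "http://schemas.xmlsoap.org/ws/2005/02/sc"
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"

# Constructed sample token (not taken from the thread); Length 32 = 256-bit key.
SAMPLE_DKT = f"""<wsc:DerivedKeyToken xmlns:wsc="{WSC}">
  <wsc:Offset>0</wsc:Offset>
  <wsc:Length>32</wsc:Length>
  <wsc:Nonce>{base64.b64encode(bytes(range(16))).decode()}</wsc:Nonce>
</wsc:DerivedKeyToken>"""


def p_sha1(secret: bytes, seed: bytes, n: int) -> bytes:
    """P_SHA-1 expansion (the TLS 1.0 P_hash construction), n bytes of output."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:n]


def derive_key(secret: bytes, dkt_xml: str) -> bytes:
    """Derive the key described by a wsc:DerivedKeyToken from the unwrapped secret."""
    root = ET.fromstring(dkt_xml)

    def text(tag):
        return root.findtext(f"{{{WSC}}}{tag}")

    if text("Nonce") is None:
        raise ValueError("DerivedKeyToken carries no Nonce")
    nonce = base64.b64decode(text("Nonce"))
    label = (text("Label") or "").encode() or DEFAULT_LABEL
    offset = int(text("Offset") or 0)
    length = int(text("Length") or 32)
    # Offset and Length come from the sender: bound them before expanding.
    # The 1024-byte cap is an arbitrary limit chosen for this example.
    if offset < 0 or length <= 0 or offset + length > 1024:
        raise ValueError("unreasonable Offset/Length in DerivedKeyToken")
    return p_sha1(secret, label + nonce, offset + length)[offset:offset + length]


if __name__ == "__main__":
    unwrapped = bytes(range(32, 64))  # constructed stand-in for the unwrapped key
    print(derive_key(unwrapped, SAMPLE_DKT).hex())
```

Because each message carries its own nonce, the request and response end up with different derived keys even when the same wrapped symmetric key is reused.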