Issue 74: add <EncryptSupportingToken> element to Sections 7.4 and 7.5

["Marc Goodner" <mgoodner@microsoft.com>]

Logged as issue 74.

-----Original Message-----
From: Prateek Mishra [mailto:prateek.mishra@oracle.com] 
Sent: Monday, June 05, 2006 2:27 PM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner
Subject: NEW Issue: add <EncryptSupportingToken> element to Sections 7.4
and 7.5 

 

*PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
THE ISSUE IS ASSIGNED A NUMBER.  *

*The issues coordinators will notify the list when that has occurred.*

* *

Protocol: ws-sp

ws-securitypolicy-1.2-spec-ed-01

Artifact:  spec

Type:

<>design
 

Title:

add <EncryptSupportingToken> element to Sections 7.4 and 7.5 

 

Description:

There are many security contexts in which supporting tokens in
(a)symmteric bindings are required to be encrypted. Typically, the
supporting token is a username, saml or proprietary token but other
possibilities also exist. This note proposes the addition of an
<EncryptSupportingToken> element to symm. and asymm. bindings within
ws-sp.

 

Related issues:


 

Proposed Resolution:

(1) Add at end of Section 6:

Section 6.8  [Encrypt Supporting Token]  Property

This boolean property specifies whether any supporting tokens found in 
the security
header are encrypted. If the value is
'true', then all supporting tokens MUST in the inbound and outbound 
messages must be encrypted.
If the value is 'false', then supporting tokens in the inbound or 
outbound messages MUST NOT be
encrypted. The default value for this property is false.

(2)  Add  after line 1739


 /sp:SymmetricBinding/wsp:Policy/sp:EncryptSupportingToken
This assertion indicates that the [Entire Supporting Token] property is 
set to 'true'.

(3) Add after line 1945

 /sp:AsymmetricBinding/wsp:Policy/sp:EncryptSupportingToken
This assertion indicates that the [Entire Supporting Token] property is 
set to 'true'.