[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: [ws-sx] Issue 66: Security Policy Usecases
Anand: I'm forwarding your note to the WS-SX TC. Your questions are good questions and the TC shd discuss them when we discuss issue 66. All the best, Ashok > -----Original Message----- > From: Anand Mani [mailto:AnandMani@crimsonlogic.com] > Sent: Thursday, June 15, 2006 6:51 PM > To: Ashok Malhotra > Subject: RE: [ws-sx] Issue 66: Security Policy Usecases > > Hi Ashok, > > Went through the use cases which you have provided. > Is there any specific reason why you have not included > username token with plain text password but with nonce and > timestamp? Do you think that such cases will be rare(or > practically useless) since if anyone is concerned about > timestamping and using nonce they will not send the password > in clear? Also does the use of password hash automatically > mean the nonce and timestamping need to be provided? The > policy fragment > > <sp:SupportingToken> > <wsp:Policy> > <sp:UserNameToken> > <wsp:Policy><sp:HashPassword></wsp:Policy> > </wsp:Policy> > <sp:SupportingToken> > > does not make this point very clear. > > In most of the security toolkits for WS the hashing of > password and timestamping can be decoupled. So how do we > represent a case where in timestamping is required without > having to hash the password using wsp:Policy? > > Regards, > Anand. > > > -----Original Message----- > From: Ashok Malhotra [mailto:ashok.malhotra@oracle.com] > Sent: Friday, June 16, 2006 2:13 AM > To: ws-sx@lists.oasis-open.org > Cc: Prateek Mishra; Mischkinsky,Jeff > Subject: [ws-sx] Issue 66: Security Policy Usecases > > > I'm attaching a document with a number of what we feel are typical > Security Policy usecases along with sample Policies. > > The first thing to do is to discuss whether we need more or less > usecases. My guess is we need more but we also don't need a 100 page > document. > > Then we need to decide where this fits along with the other WS-SX > deliverables. > > All the best, Ashok > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]