[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: NEW ISSUE: How to reference a specific SC when initiating a session?
*PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. * *The issues coordinators will notify the list when that has occurred.* * * Protocol: ws-sc http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18838/ws-secureconversation-1.3-spec-ed-01-r06-diff.doc Artifact: spec Type: design Title: NEW ISSUE: How to reference a specific SC when initiating a session? Description: This issue concerns the following use-case: a requestor wishes to participate in a multi-message session with a recipient. The requestor acquires a SC token by some means from its local security system and adds it to the security header of a SOAP message. The SOAP message is meant to initiate a sequence of exchanges with the recipient, all of which are to be protected by the SC token. Notice that in general, the SOAP message may carry several security headers including other security tokens. How can the requestor indicate to the recipient that a specific SC token is to be used for the session? Related issues: http://lists.oasis-open.org/archives/ws-rx/200606/msg00036.html Proposed Resolution: My best guess here is that the requestor add a new STR to the header. The STR would include a reference to the SC and include in its usage attribute a URI referencing the message body. If this is acceptable to the TC, we need to include some text explaining this "security pattern".
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]