OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] Issue 76: How to reference a specific SC when initiating a session?

Prateek,

Isn't this scenario addressed by lines 272-288 of
WS-SecureConversation[1]?

Gudge

[1]
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18840/ws
-secureconversation-1.3-spec-ed-01-r06-diff.pdf 

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
> Sent: 20 June 2006 16:23
> To: Prateek Mishra; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 76: How to reference a specific SC 
> when initiating a session?
> 
> Tracked as Issue 76.
> 
> -----Original Message-----
> From: Prateek Mishra [mailto:prateek.mishra@oracle.com] 
> Sent: Tuesday, June 20, 2006 11:12 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: NEW ISSUE: How to reference a specific SC when initiating a
> session?
> 
> *PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.  *
> 
> *The issues coordinators will notify the list when that has occurred.*
> 
> * *
> 
> Protocol:   ws-sc
> 
> http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.ph
> p/18838/ws
> -secureconversation-1.3-spec-ed-01-r06-diff.doc 
> 
> 
>  
> 
> Artifact:  spec
> 
>  
> 
> Type:
> 
> design
> 
>  
> 
> Title:
> 
> NEW ISSUE: How to reference a specific SC when initiating a session?
> 
>  
> 
> Description:
> 
> This issue concerns the following use-case: a requestor wishes to
> participate in a multi-message session with a recipient. 
> The requestor  acquires a SC token by some means from its 
> local security
> system and adds it to the security header of a SOAP message. 
> The SOAP message is meant to initiate a sequence of exchanges with the
> recipient, all of which are to be protected by the SC token. 
> Notice that
> in general, the SOAP message may carry several security headers
> including other security tokens.
>  
> How can the requestor indicate to the recipient that a 
> specific SC token
> is to be used for the session?
> 
>  
> 
> Related issues:
> 
> http://lists.oasis-open.org/archives/ws-rx/200606/msg00036.html
> 
>  
> 
> Proposed Resolution:
> 
> My best guess here is that the requestor add a new STR to the header. 
> The STR would include a reference to the SC and include in its usage
> attribute a URI referencing the message body. If this is acceptable to
> the TC, we need to include some text explaining this 
> "security pattern".
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]