OASIS Mailing List Archives
ws-sx message



Subject: Issue 90: Description of Strict Formatting seems wrong for EncryptedKey


Issue 90.

-----Original Message-----
From: Hal Lockhart [mailto:hlockhar@bea.com] 
Sent: Tuesday, July 11, 2006 7:59 AM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner
Subject: NEW Issue: Description of Strict Formatting seems wrong for EncryptedKey

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
THE ISSUE IS ASSIGNED A NUMBER.
The issues coordinators will notify the list when that has occurred.

Protocol: ws-sp 

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18837/ws-securitypolicy-1.2-spec-ed-01-r07.pdf

Artifact:  spec

Type:

design

Title:

Rules for strict format of security element seem incorrect in the case
of encrypted key used with Asymmetric Key. It is my understanding that
for every encryption, there will either be a ReferenceList (for
Symmetric) or an EncryptedKey (for Asymmetric). However, the rules seem
to require a top level ReferenceList even when an EncryptedKey is
present. This causes implementation problems, especially for WSS 1.0.

Description:

Section 6.7.1 (lines 1528-1536) says:

----
4.	If there are any encrypted elements in the message then a top
level xenc:ReferenceList element MUST be present in the security header.
The xenc:ReferenceList MUST occur before any xenc:EncryptedData elements
in the security header that are referenced from the reference list.
However, the xenc:ReferenceList is not required to appear before
independently encrypted tokens such as the xenc:EncryptedKey token as
defined in WSS.
5.	An xenc:EncryptedKey element without an internal reference list
[WSS: SOAP Message Security 1.1] MUST obey rule (1).  An
xenc:EncryptedKey element with an internal reference list MUST
additionally obey rule (4).
----

But my understanding is that you use either an EncryptedKey or a
ReferenceList, but not both. If this is not a simple error, but
intentional, I will provide information about implementation
difficulties.


Related issues:



Proposed Resolution:

Change #4 to say ReferenceList or EncryptedKey.

Hal
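The point of the issue is easier to see when the two readings of rule (4) are run against concrete headers. The following checker is an added example, not code from the WS-SX TC, the spec, or Hal's message. It parses a SOAP envelope, collects the children of wsse:Security, and reports violations of rule (4) either as written (a top-level xenc:ReferenceList is mandatory whenever anything is encrypted) or under the proposed resolution (an xenc:EncryptedKey carrying its own ReferenceList is accepted instead). The three sample envelopes, the WSS 1.0 namespace URIs and the function names are assumptions made for this example; the ordering check covers only xenc:EncryptedData elements that sit directly in the security header, which is all rule (4) constrains.

```python
# Added example (not from the WS-SX issue or the WS-SecurityPolicy spec):
# a checker for the "strict" security-header layout rule (4) quoted above,
# run over constructed sample envelopes. Namespace URIs are the WSS 1.0
# ones; all sample messages below are constructed for this example.
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
XENC = "{%s}" % NS["xenc"]


def security_header(envelope_xml):
    """Return the wsse:Security element of a SOAP envelope given as a string."""
    hdr = ET.fromstring(envelope_xml).find("soap:Header/wsse:Security", NS)
    if hdr is None:
        raise ValueError("no wsse:Security header in envelope")
    return hdr


def data_references(reflist):
    """Ids (leading '#' stripped) named by a ReferenceList's DataReference children."""
    return [dr.get("URI", "").lstrip("#") for dr in reflist.findall("xenc:DataReference", NS)]


def check_strict(envelope_xml, allow_encrypted_key=False):
    """Return the list of rule (4) violations; an empty list means the header passes.

    allow_encrypted_key=False: rule (4) as written, a top-level xenc:ReferenceList
        is required whenever the message contains any xenc:EncryptedData.
    allow_encrypted_key=True: the proposed resolution, an xenc:EncryptedKey whose
        internal xenc:ReferenceList references the data satisfies rule (4) instead.
    In both modes the qualifying list must come before every xenc:EncryptedData in
    the security header that it references.
    """
    root = ET.fromstring(envelope_xml)
    children = list(security_header(envelope_xml))
    anything_encrypted = root.find(".//xenc:EncryptedData", NS) is not None
    # Header position of each EncryptedData that is a direct child of wsse:Security.
    header_enc_pos = {c.get("Id"): i for i, c in enumerate(children)
                      if c.tag == XENC + "EncryptedData"}

    lists = []  # (header position, ReferenceList element, description)
    for i, c in enumerate(children):
        if c.tag == XENC + "ReferenceList":
            lists.append((i, c, "top-level xenc:ReferenceList"))
        elif c.tag == XENC + "EncryptedKey" and allow_encrypted_key:
            inner = c.find("xenc:ReferenceList", NS)
            if inner is not None:
                lists.append((i, inner, "xenc:EncryptedKey/xenc:ReferenceList"))

    violations = []
    if anything_encrypted and not lists:
        violations.append("rule 4: encrypted elements present but no qualifying xenc:ReferenceList")
    for pos, reflist, what in lists:
        for ref_id in data_references(reflist):
            target = header_enc_pos.get(ref_id)
            if target is not None and target < pos:
                violations.append(
                    f"rule 4: {what} (child {pos}) must precede EncryptedData #{ref_id} (child {target})")
    return violations


def _envelope(security_children):
    # Constructed envelope: an encrypted Body plus whatever the caller puts in the header.
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}"
  xmlns:wsu="{NS['wsu']}" xmlns:xenc="{NS['xenc']}">
  <soap:Header><wsse:Security>{security_children}</wsse:Security></soap:Header>
  <soap:Body><xenc:EncryptedData Id="body"><xenc:CipherData>
    <xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body>
</soap:Envelope>"""


# An encrypted token inside the header, and a list that references token and body.
ENC_TOKEN = ('<xenc:EncryptedData Id="tok"><xenc:CipherData>'
             '<xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>')
REFS = '<xenc:DataReference URI="#tok"/><xenc:DataReference URI="#body"/>'

# Symmetric style: top-level ReferenceList precedes the encrypted token.
SYMMETRIC = _envelope(f'<wsu:Timestamp/><xenc:ReferenceList>{REFS}</xenc:ReferenceList>{ENC_TOKEN}')
# Asymmetric / WSS 1.0 style: the EncryptedKey carries the ReferenceList itself.
ASYMMETRIC = _envelope(
    f'<wsu:Timestamp/><xenc:EncryptedKey><xenc:CipherData><xenc:CipherValue>CCCC</xenc:CipherValue>'
    f'</xenc:CipherData><xenc:ReferenceList>{REFS}</xenc:ReferenceList></xenc:EncryptedKey>{ENC_TOKEN}')
# Same, but the encrypted token is placed before the EncryptedKey that references it.
MISORDERED = _envelope(
    f'<wsu:Timestamp/>{ENC_TOKEN}<xenc:EncryptedKey><xenc:ReferenceList>{REFS}'
    f'</xenc:ReferenceList></xenc:EncryptedKey>')

if __name__ == "__main__":
    for name, env in [("symmetric", SYMMETRIC), ("asymmetric", ASYMMETRIC), ("misordered", MISORDERED)]:
        print(name, "as written: ", check_strict(env) or "ok")
        print(name, "proposed:   ", check_strict(env, allow_encrypted_key=True) or "ok")
```

Running it shows the asymmetric header, which is exactly what a WSS 1.0 asymmetric binding produces, failing the rule as written and passing under the proposed "ReferenceList or EncryptedKey" wording, while a header that puts the encrypted token ahead of the EncryptedKey referencing it fails under both readings, so the proposal relaxes only the top-level-list requirement, not the ordering constraint.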


