Subject: RE: [ws-sx] Issue 80: Handling EncryptParts/Elements specified under SupportingTokens


Supporting tokens doesn't really have a notion of sender/recipient, but
I take your more general point that it is possible to specify a token
under SupportingTokens that, for one reason or another, can't be used to
encrypt anything (perhaps because it is not associated with any key
material, for example). If EncryptedParts/Elements assertions are
present, this will result in an error. 

I could see adding some text to the supporting tokens section
encouraging policy writers to make sure the tokens they specify can
actually satisfy the other requirements they put into the supporting
token assertion. 

Does that make sense?

Gudge


> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
> Sent: 28 June 2006 15:02
> To: K.Venugopal@Sun.COM; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 80: Handling EncryptParts/Elements 
> specified under SupportingTokens
> 
> Issue 80...
> 
> -----Original Message-----
> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] 
> Sent: Wednesday, June 28, 2006 4:29 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: [ws-sx] New Issue : Handling EncryptParts/Elements specified
> under SupportingTokens
> 
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
> The issues coordinators will notify the list when that has occurred.
> 
> Protocol : WS-SP
> 
> Artifact :  SPEC
> 
> Type : design
> 
> Title :  Handling EncryptParts specified under SupportingTokens
> 
> Description :
> 
>        It is not clear from the spec on how EncryptParts specified under
> supportingtokens need to be secured.
> e.g.: If the X509Token present under a SupportingToken is that of the
> sender, how can it be used to encrypt the message parts identified by
> EncryptParts/Elements that are specified under the supporting token?
> 
>             <sp:SupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                 <wsp:Policy>
>                 <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>                     <wsp:Policy>
>                         <sp:WssX509V3Token11 />
>                     </wsp:Policy>
>                 </sp:X509Token>
>                 <sp:AlgorithmSuite>
>                         <wsp:Policy>
>                             <sp:TripleDes />
>                         </wsp:Policy>
>                 </sp:AlgorithmSuite>
>                 <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <sp:Body />               
>                 </sp:EncryptedParts>
>                 </wsp:Policy>
>             </sp:SupportingTokens>
> 
> 
> Related issues:
> 
> None
> 
> Proposed Resolution:
> 
> None
> 
> 
> Regards ,
> Venu
> 
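
One way a policy author could check for the condition described in the reply above, where EncryptedParts/Elements sit under a supporting token assertion whose token cannot encrypt anything. This is an added example, not part of the thread or the specification; the `KEYLESS` set (treating `UsernameToken` as having no key material), the `wsp` namespace URI and the sample policies are assumptions made for illustration, and the check does not address the sender/recipient question raised in the issue.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"  # assumed wsp namespace
ENCRYPT = {"EncryptedParts", "EncryptedElements"}
# Assumption for this example: token assertions treated as carrying no key material.
KEYLESS = {"UsernameToken"}

def local(el):
    """Split an ElementTree tag into (namespace, local name)."""
    ns, _, name = el.tag[1:].partition("}") if el.tag.startswith("{") else ("", "", el.tag)
    return ns, name

def lint(policy_xml):
    """Return (assertion, keyless_tokens, encrypt_assertions) for each problem found."""
    findings = []
    for el in ET.fromstring(policy_xml).iter():
        ns, name = local(el)
        if ns != SP or not name.endswith("SupportingTokens"):
            continue
        tokens, encrypt = [], []
        # Only the assertions directly inside this assertion's own wsp:Policy count.
        for child in el.findall(f"{{{WSP}}}Policy/*"):
            cns, cname = local(child)
            if cns != SP:
                continue
            if cname in ENCRYPT:
                encrypt.append(cname)
            elif cname.endswith("Token"):
                tokens.append(cname)
        bad = [t for t in tokens if t in KEYLESS]
        # Encryption requested, but a token has no key material or no token is given.
        if encrypt and (bad or not tokens):
            findings.append((name, bad, encrypt))
    return findings

def policy(token):
    """Constructed sample: the policy shape from the issue with a chosen token."""
    return f"""<sp:SupportingTokens xmlns:sp="{SP}" xmlns:wsp="{WSP}">
  <wsp:Policy>
    <sp:{token}/>
    <sp:AlgorithmSuite><wsp:Policy><sp:TripleDes/></wsp:Policy></sp:AlgorithmSuite>
    <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
  </wsp:Policy>
</sp:SupportingTokens>"""

if __name__ == "__main__":
    for tok in ("X509Token", "UsernameToken"):
        print(tok, lint(policy(tok)))
```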

