Subject: RE: Issue 90: Description of Strict Formatting seems wrong for EncryptedKey
As I mentioned on the last call, the WS-I Basic Security Profile was written assuming that either a ReferenceList or an EncryptedKey would appear at the top level for each encryption step, but not both. See especially section 6.1 and section 10 of that document.

http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html

Hal

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com]
> Sent: Tuesday, July 11, 2006 1:59 PM
> To: Hal Lockhart; ws-sx@lists.oasis-open.org
> Subject: Issue 90: Description of Strict Formatting seems wrong for EncryptedKey
>
> Issue 90.
>
> -----Original Message-----
> From: Hal Lockhart [mailto:hlockhar@bea.com]
> Sent: Tuesday, July 11, 2006 7:59 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: NEW Issue: Description of Strict Formatting seems wrong for EncryptedKey
>
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
> The issues coordinators will notify the list when that has occurred.
>
> Protocol: ws-sp
>
> http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18837/ws-securitypolicy-1.2-spec-ed-01-r07.pdf
>
> Artifact: spec
>
> Type: design
>
> Title:
>
> Rules for strict format of security element seem incorrect in the case of encrypted key used with Asymmetric Key. It is my understanding that for every encryption, there will either be a ReferenceList (for Symmetric) or an EncryptedKey (for Asymmetric). However, the rules seem to require a top level ReferenceList even when an EncryptedKey is present. This causes implementation problems, especially for WSS 1.0.
>
> Description:
>
> Section 6.7.1 (lines 1528-1536) says:
>
> ----
> 4. If there are any encrypted elements in the message then a top level xenc:ReferenceList element MUST be present in the security header. The xenc:ReferenceList MUST occur before any xenc:EncryptedData elements in the security header that are referenced from the reference list. However, the xenc:ReferenceList is not required to appear before independently encrypted tokens such as the xenc:EncryptedKey token as defined in WSS.
> 5. An xenc:EncryptedKey element without an internal reference list [WSS: SOAP Message Security 1.1] MUST obey rule (1). An xenc:EncryptedKey element with an internal reference list MUST additionally obey rule (4).
> ----
>
> But my understanding is that you use either an EncryptedKey or a ReferenceList, but not both. If this is not a simple error, but intentional, I will provide information about implementation difficulties.
>
> Related issues:
>
> Proposed Resolution:
>
> Change #4 to say ReferenceList or EncryptedKey.
>
> Hal
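Added example, not from the thread, the WS-SecurityPolicy draft or any implementation: a small Python checker over two constructed messages that applies rule 4 of the quoted strict-layout text both as written (top-level ReferenceList required) and as the proposed resolution reads it (ReferenceList or an EncryptedKey carrying its own list), plus the ordering requirement that the list-carrying element precede what it references. The namespace URIs, the unqualified `Id` attribute on EncryptedData and the dummy ciphertexts are assumptions; rule (1) is not quoted in the thread and is not checked.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NS = f'xmlns:s="{SOAP}" xmlns:xenc="{XENC}" xmlns:wsse="{WSSE}"'

def _enc(id_):
    """Constructed xenc:EncryptedData element carrying a dummy ciphertext."""
    return f'<xenc:EncryptedData Id="{id_}"><xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>'

# Constructed: asymmetric case; the only reference list sits inside EncryptedKey.
ASYMMETRIC_MSG = f"""<s:Envelope {NS}><s:Header><wsse:Security>
 <xenc:EncryptedKey><xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
  <xenc:ReferenceList><xenc:DataReference URI="#ED-1"/></xenc:ReferenceList></xenc:EncryptedKey>
</wsse:Security></s:Header><s:Body>{_enc('ED-1')}</s:Body></s:Envelope>"""

# Constructed: symmetric case whose top-level list follows the header element
# it references, which breaks the ordering part of rule 4.
BAD_ORDER_MSG = f"""<s:Envelope {NS}><s:Header><wsse:Security>
 {_enc('ED-2')}
 <xenc:ReferenceList><xenc:DataReference URI="#ED-2"/></xenc:ReferenceList>
</wsse:Security></s:Header><s:Body/></s:Envelope>"""

def check_strict_layout(xml_text, literal_rule4=True):
    """Return layout violations (empty list = compliant).
    literal_rule4=True applies rule 4 as written: any encrypted element needs a
    top-level xenc:ReferenceList. False applies the proposed resolution: a
    top-level ReferenceList OR an EncryptedKey with an internal list suffices.
    """
    root = ET.fromstring(xml_text)
    order = {id(el): i for i, el in enumerate(root.iter())}  # document order
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    security = root.find(f".//{{{WSSE}}}Security")
    top_lists = security.findall(f"{{{XENC}}}ReferenceList")
    keys_with_list = [k for k in security.findall(f"{{{XENC}}}EncryptedKey")
                      if k.find(f"{{{XENC}}}ReferenceList") is not None]
    carriers = top_lists + keys_with_list       # rules 4 and 5: both carry lists
    satisfies = top_lists if literal_rule4 else carriers
    violations = []
    if root.find(f".//{{{XENC}}}EncryptedData") is not None and not satisfies:
        violations.append("no top-level xenc:ReferenceList")
    # The list-carrying element must precede every element it references.
    for carrier in carriers:
        for ref in carrier.iter(f"{{{XENC}}}DataReference"):
            target = by_id.get(ref.get("URI", "").lstrip("#"))
            if target is not None and order[id(target)] < order[id(carrier)]:
                violations.append(f"reference list must precede {target.get('Id')}")
    return violations
```

Under the literal reading the asymmetric message is rejected for lacking a top-level list even though its EncryptedKey already carries one; under the proposed reading it passes, while the mis-ordered symmetric message is rejected either way.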