Re: [ws-sx] Issue 80: Handling EncryptParts/Elements specified underSupportingTokens

[Venu <K.Venugopal@Sun.COM>]

Venu wrote:
> Hi Martin,
>
> Martin Gudgin wrote:
>> Supporting tokens doesn't really have a notion of sender/recipient, but
>> I take your more general point that it is possible to specify a token
>> under SupportingTokens that, for one reason or another, can't be used to
>> encrypt anything (perhaps because it is not associated with any key
>> material, for example). If EncryptedParts/Elements assertions are
>> present, this will result in an error.
>> I could see adding some text to the supporting tokens section
>> encouraging policy writers to make sure the tokens they specify can
>> actually satisfy the other requirements they put into the supporting
>> token assertion.
>> Does that make sense?
>>   
> this works for me.

Would also appreciate if the text clarified the behavior of 
SignedParts,EncryptParts under various SupportingTokens  when 
TransportBinding is used

Thanks,
Venu
>
> Thanks,
> Venu
>> Gudge
>>
>>
>>  
>>> -----Original Message-----
>>> From: Marc Goodner [mailto:mgoodner@microsoft.com] Sent: 28 June 
>>> 2006 15:02
>>> To: K.Venugopal@Sun.COM; ws-sx@lists.oasis-open.org
>>> Subject: [ws-sx] Issue 80: Handling EncryptParts/Elements specified 
>>> under SupportingTokens
>>>
>>> Issue 80...
>>>
>>> -----Original Message-----
>>> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] Sent: 
>>> Wednesday, June 28, 2006 4:29 AM
>>> To: ws-sx@lists.oasis-open.org
>>> Cc: Marc Goodner
>>> Subject: [ws-sx] New Issue : Handling EncryptParts/Elements specified
>>> under SupportingTokens
>>>
>>> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
>>> THE ISSUE IS ASSIGNED A NUMBER.
>>> The issues coordinators will notify the list when that has occurred.
>>>
>>> Protocol : WS-SP
>>>
>>> Artifact :  SPEC
>>>
>>> Type : design
>>>
>>> Title :  Handling EncryptParts specified under SupportingTokens
>>>
>>> Description :
>>>
>>>        It is not clear from the spec on how EncryptParts specified 
>>> under
>>> supportingtokens need to be secured.
>>> eg :  If the X509Token present under a SupportingToken is that of the
>>> sender , how can it be used to encrypt the message parts identified by
>>> EncryptParts/Elements that are specified under the supporting token.
>>>
>>>             <sp:SupportingTokens
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>>                 <wsp:Policy>
>>>                 <sp:X509Token
>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securit
>>> ypolicy/In
>>> cludeToken/Always">
>>>                     <wsp:Policy>
>>>                         <sp:WssX509V3Token11 />
>>>                     </wsp:Policy>
>>>                 </sp:X509Token>
>>>                 <sp:AlgorithmSuite>
>>>                         <wsp:Policy>
>>>                             <sp:TripleDes />
>>>                         </wsp:Policy>
>>>                 </sp:AlgorithmSuite>
>>>                 <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>>                     <sp:Body />                               
>>> </sp:EncryptedParts>
>>>                 </wsp:Policy>
>>>             </sp:SupportingTokens>
>>>
>>>
>>> Related issues:
>>>
>>> None
>>>
>>> Proposed Resolution:
>>>
>>> None
>>>
>>>
>>> Regards ,
>>> Venu
>>>
>>>     
>