[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] Issue 80: Handling EncryptParts/Elements specified under SupportingTokens
Venu, What text is there in the spec that would lead you to believe the behaviour of the various SupportingTokens with respect to Signed/Encrypted parts would be different when a TransportBinding is used? Gudge > -----Original Message----- > From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] > Sent: 20 July 2006 06:35 > To: Martin Gudgin > Cc: Marc Goodner; ws-sx@lists.oasis-open.org > Subject: Re: [ws-sx] Issue 80: Handling EncryptParts/Elements > specified under SupportingTokens > > Venu wrote: > > Hi Martin, > > > > Martin Gudgin wrote: > >> Supporting tokens doesn't really have a notion of > sender/recipient, but > >> I take your more general point that it is possible to > specify a token > >> under SupportingTokens that, for one reason or another, > can't be used to > >> encrypt anything (perhaps because it is not associated with any key > >> material, for example). If EncryptedParts/Elements assertions are > >> present, this will result in an error. > >> I could see adding some text to the supporting tokens section > >> encouraging policy writers to make sure the tokens they specify can > >> actually satisfy the other requirements they put into the > supporting > >> token assertion. > >> Does that make sense? > >> > > this works for me. > > Would also appreciate if the text clarified the behavior of > SignedParts,EncryptParts under various SupportingTokens when > TransportBinding is used > > Thanks, > Venu > > > > Thanks, > > Venu > >> Gudge > >> > >> > >> > >>> -----Original Message----- > >>> From: Marc Goodner [mailto:mgoodner@microsoft.com] Sent: 28 June > >>> 2006 15:02 > >>> To: K.Venugopal@Sun.COM; ws-sx@lists.oasis-open.org > >>> Subject: [ws-sx] Issue 80: Handling EncryptParts/Elements > specified > >>> under SupportingTokens > >>> > >>> Issue 80... > >>> > >>> -----Original Message----- > >>> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM] Sent: > >>> Wednesday, June 28, 2006 4:29 AM > >>> To: ws-sx@lists.oasis-open.org > >>> Cc: Marc Goodner > >>> Subject: [ws-sx] New Issue : Handling > EncryptParts/Elements specified > >>> under SupportingTokens > >>> > >>> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON > THREAD UNTIL > >>> THE ISSUE IS ASSIGNED A NUMBER. > >>> The issues coordinators will notify the list when that > has occurred. > >>> > >>> Protocol : WS-SP > >>> > >>> Artifact : SPEC > >>> > >>> Type : design > >>> > >>> Title : Handling EncryptParts specified under SupportingTokens > >>> > >>> Description : > >>> > >>> It is not clear from the spec on how EncryptParts > specified > >>> under > >>> supportingtokens need to be secured. > >>> eg : If the X509Token present under a SupportingToken is > that of the > >>> sender , how can it be used to encrypt the message parts > identified by > >>> EncryptParts/Elements that are specified under the > supporting token. > >>> > >>> <sp:SupportingTokens > >>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > >>> <wsp:Policy> > >>> <sp:X509Token > >>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securit > >>> ypolicy/In > >>> cludeToken/Always"> > >>> <wsp:Policy> > >>> <sp:WssX509V3Token11 /> > >>> </wsp:Policy> > >>> </sp:X509Token> > >>> <sp:AlgorithmSuite> > >>> <wsp:Policy> > >>> <sp:TripleDes /> > >>> </wsp:Policy> > >>> </sp:AlgorithmSuite> > >>> <sp:EncryptedParts > >>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > >>> <sp:Body /> > >>> </sp:EncryptedParts> > >>> </wsp:Policy> > >>> </sp:SupportingTokens> > >>> > >>> > >>> Related issues: > >>> > >>> None > >>> > >>> Proposed Resolution: > >>> > >>> None > >>> > >>> > >>> Regards , > >>> Venu > >>> > >>> > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]