Subject: RE: [ws-sx] RE: Issue 90: Description of Strict Formatting seems wrong for EncryptedKey
Hal,

My apologies for taking so long to research this. I believe that you are correct that 6.7.1 clause 4 is incorrect when applied generally to asymmetric bindings. The easiest fix is probably to remove the words 'top level' from line 1503 of [1].

Did you also look at Appendix C.3 (which I think is more detailed than 6.7.1 and applies directly to the Asymmetric Binding)?

Regards

Gudge

[1] http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18836/ws-securitypolicy-1.2-spec-ed-01-r07-diff.doc

> -----Original Message-----
> From: Hal Lockhart [mailto:hlockhar@bea.com]
> Sent: 18 July 2006 15:18
> To: Marc Goodner; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] RE: Issue 90: Description of Strict Formatting seems wrong for EncryptedKey
>
> As I mentioned on the last call, the WS-I Basic Security Profile was
> written assuming that either a ReferenceList or an EncryptedKey would
> appear at the top level for each encryption step, but not both. See
> especially section 6.1 and section 10 of that document.
>
> http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
>
> Hal
>
> > -----Original Message-----
> > From: Marc Goodner [mailto:mgoodner@microsoft.com]
> > Sent: Tuesday, July 11, 2006 1:59 PM
> > To: Hal Lockhart; ws-sx@lists.oasis-open.org
> > Subject: Issue 90: Description of Strict Formatting seems wrong for EncryptedKey
> >
> > Issue 90.
> >
> > -----Original Message-----
> > From: Hal Lockhart [mailto:hlockhar@bea.com]
> > Sent: Tuesday, July 11, 2006 7:59 AM
> > To: ws-sx@lists.oasis-open.org
> > Cc: Marc Goodner
> > Subject: NEW Issue: Description of Strict Formatting seems wrong for EncryptedKey
> >
> > PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> > THE ISSUE IS ASSIGNED A NUMBER.
> > The issues coordinators will notify the list when that has occurred.
> >
> > Protocol: ws-sp
> >
> > http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18837/ws-securitypolicy-1.2-spec-ed-01-r07.pdf
> >
> > Artifact: spec
> >
> > Type:
> >
> > design
> >
> > Title:
> >
> > Rules for strict format of security element seem incorrect in the case
> > of encrypted key used with Asymmetric Key. It is my understanding that
> > for every encryption, there will either be a ReferenceList (for
> > Symmetric) or an EncryptedKey (for Asymmetric). However, the rules seem
> > to require a top level ReferenceList even when an EncryptedKey is
> > present. This causes implementation problems, especially for WSS 1.0.
> >
> > Description:
> >
> > Section 6.7.1 (lines 1528-1536) say:
> >
> > ----
> > 4. If there are any encrypted elements in the message then a top
> > level xenc:ReferenceList element MUST be present in the security header.
> > The xenc:ReferenceList MUST occur before any xenc:EncryptedData elements
> > in the security header that are referenced from the reference list.
> > However, the xenc:ReferenceList is not required to appear before
> > independently encrypted tokens such as the xenc:EncryptedKey token as
> > defined in WSS.
> > 5. An xenc:EncryptedKey element without an internal reference list
> > [WSS: SOAP Message Security 1.1] MUST obey rule (1). An
> > xenc:EncryptedKey element with an internal reference list MUST
> > additionally obey rule (4).
> > ----
> >
> > But my understanding is that you use either an EncryptedKey or a
> > ReferenceList, but not both. If this is not a simple error, but
> > intentional, I will provide information about implementation
> > difficulties.
> >
> > Related issues:
> >
> > Proposed Resolution:
> >
> > Change #4 to say ReferenceList or Encrypted Key.
> >
> > Hal
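
The layout rule debated in this thread, as an added example that is not part of the original messages or of the specification: a checker that applies rule (4) either as quoted or with the proposed resolution, so the difference shows up on an asymmetric-binding message. The names `check_rule4` and `allow_encrypted_key` and the sample envelope are constructed for illustration, and the ordering check looks only at direct children of the security header.

```python
import xml.etree.ElementTree as ET

XENC = "{http://www.w3.org/2001/04/xmlenc#}"
WSSE = ("{http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd}")

# Constructed sample (trimmed, not schema-complete): body encrypted under an
# EncryptedKey with an internal reference list, no top-level ReferenceList.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <s:Header><wsse:Security>
  <xenc:EncryptedKey><xenc:ReferenceList>
   <xenc:DataReference URI="#body"/>
  </xenc:ReferenceList></xenc:EncryptedKey>
 </wsse:Security></s:Header>
 <s:Body><xenc:EncryptedData Id="body"/></s:Body>
</s:Envelope>"""


def check_rule4(envelope_xml, allow_encrypted_key=False):
    """Return rule (4) violations; True applies the proposed resolution."""
    # ElementTree does not defend against hostile XML; use a hardened
    # parser before running this on untrusted messages.
    root = ET.fromstring(envelope_xml)
    if root.find(f".//{XENC}EncryptedData") is None:
        return []  # nothing encrypted, so the rule does not apply
    security = root.find(f".//{WSSE}Security")
    if security is None:
        return ["encrypted content but no wsse:Security header"]
    top = list(security)  # direct children only, i.e. "top level"
    ref_lists = [e for e in top if e.tag == XENC + "ReferenceList"]
    enc_keys = [e for e in top if e.tag == XENC + "EncryptedKey"]
    problems = []
    if not ref_lists and not (allow_encrypted_key and enc_keys):
        problems.append("no top-level xenc:ReferenceList")
    # A top-level ReferenceList must precede the header-level
    # EncryptedData elements that it references.
    for rl in ref_lists:
        uris = {d.get("URI", "").lstrip("#")
                for d in rl.iter(XENC + "DataReference")}
        for el in top[:top.index(rl)]:
            if el.tag == XENC + "EncryptedData" and el.get("Id") in uris:
                problems.append(
                    f"EncryptedData '{el.get('Id')}' precedes its ReferenceList")
    return problems
```
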