OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] Issue 86: No policy support for content encryption?

This issue fell off our radar because of a typo in the issue list that hid it from the summary listings. My apologies.

-----Original Message-----
From: Corinna Witt [mailto:cwitt@bea.com]
Sent: Wednesday, July 26, 2006 11:49 AM
To: Marc Goodner; Frederick Hirsch; ws-sx@lists.oasis-open.org
Subject: RE: [ws-sx] Issue 86: No policy support for content encryption?

Hi,

There also seems to be no support for #Content encryption of /EncryptedParts/Header, or rather, there's no reference to whether Header encrytpion is by default #Element or #Content in line 687-696, and how to specify the non-default.

Can this handled under the same issue # ?

Corinna

-----Original Message-----
From: Marc Goodner [mailto:mgoodner@microsoft.com]
Sent: Monday, July 10, 2006 9:01 AM
To: Frederick Hirsch; ws-sx@lists.oasis-open.org
Subject: [ws-sx] Issue 86: No policy support for content encryption?

Issue 86

-----Original Message-----
From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
Sent: Friday, July 07, 2006 11:05 AM
To: ws-sx@lists.oasis-open.org
Cc: Hirsch Frederick; Marc Goodner
Subject: NEW Issue: No policy support for content encryption?

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.
The issues coordinators will notify the list when that has occurred.

Protocol:  ws-sp

ws-securitypolicy-1.2-spec-ed-01-r07-diff

<http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/
18836/ws-securitypolicy-1.2-spec-ed-01-r07-diff.doc>

Artifact:  spec

Type: design

Title: No policy support for content encryption?

Description:
The EncryptedElements assertion requires element encryption, at line 724. There is no corresponding EncryptedContent assertion. So there is no way to require encryption of the content of an element (e.g.
xenc Type xmlenc#Content), only an element itself. This could be a limitation to policy expressiveness, when element content needs to be secured but the element itself not.

Related issues: none

Proposed Resolution:

regards, Frederick

Frederick Hirsch
Nokia


_______________________________________________________________________
Notice:  This email message, together with any attachments, may contain information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated entities,  that may be confidential,  proprietary,  copyrighted  and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]