RE: [ws-sx] Issue 66: Security Policy Usecases

[Anthony Nadalin <drsecure@us.ibm.com>]

Ashok, thanks for reminding me. So for example take 2.3.1.3, it states "Initiator may be considered to be authorized by the issuer of the hk SAML assertion to bind message content to the Subject of the assertion. If the Client Certificate matches the certificate identified in the hk assertion, the initiator may be regarded as executing SAML hk responsibility of binding the Subject of the hk assertion to the content of the message." this implies processing assumptions that can't be addressed in WS-SecurityPolicy.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Ashok Malhotra" <ashok.malhotra@oracle.com>

"Ashok Malhotra" <ashok.malhotra@oracle.com>

10/10/2006 04:52 PM

To	Anthony Nadalin/Austin/IBM@IBMUS
cc	"Prateek.Mishra@oracle.com" <Prateek.Mishra@oracle.com>, "Rich Levinson" <rich.levinson@oracle.com>, "ws-sx@lists.oasis-open.org" <ws-sx@lists.oasis-open.org>
Subject	RE: [ws-sx] Issue 66: Security Policy Usecases

Hi Tony:
On last week's WS-SX call we said that we did not understand what you meant by
"processing assumptions" on some of the usecases. See your note below.
You offered to clarify. Could you please send the clarifications. We are anxious to
make progress on the usecase document.

All the best, Ashok

---

From: Anthony Nadalin [mailto:drsecure@us.ibm.com] 
Sent: Wednesday, September 27, 2006 6:53 AM
To: ws-sx@lists.oasis-open.org
Subject: [ws-sx] Issue 66: Security Policy Usecases

While reading the document quite a few of these use cases were confusing as they had to deal with processing assumptions rather than wire format assumptions. So while we can think up many usecases, I'm not sure the purpose of several of the scenarios in section 2.3 (like 2.3.1.3)

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122