[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: RE: [ws-sx] Issue 117: Element or Content Encryption onSignedEncryptedSupportingTokens Assertion
Further to my previous, terse, missive; In the WSS 1.0 interop[1] (and subsequent WSS 1.1 interop[2]) the UsernameToken was encrypted using #Element. This further reinforces my belief that #Element is what we want here. Cheers Gudge [1] http://www.oasis-open.org/apps/org/workgroup/wss/download.php/2362/wss-interop1-draft-05.doc [2] http://www.oasis-open.org/apps/org/workgroup/wss/download.php/12997/wss-11-interop-draft-01.doc -----Original Message----- From: Martin Gudgin [mailto:mgudgin@microsoft.com] Sent: Tuesday, October 24, 2006 8:41 PM To: Marc Goodner; Hal Lockhart; ws-sx@lists.oasis-open.org Subject: RE: [ws-sx] Issue 117: Element or Content Encryption on SignedEncryptedSupportingTokens Assertion Hal, I don't understand why I'd want to use #content when encrypting tokens. I would have thought #element more likely. Gudge -----Original Message----- From: Marc Goodner [mailto:mgoodner@microsoft.com] Sent: Monday, October 23, 2006 10:20 AM To: Hal Lockhart; ws-sx@lists.oasis-open.org Subject: [ws-sx] Issue 117: Element or Content Encryption on SignedEncryptedSupportingTokens Assertion Issue 117. -----Original Message----- From: Hal Lockhart [mailto:hlockhar@bea.com] Sent: Thursday, October 19, 2006 10:33 AM To: ws-sx@lists.oasis-open.org Cc: Marc Goodner Subject: NEW Issue: Element or Content Encryption on SignedEncryptedSupportingTokens Assertion PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred. Protocol: ws-sp WS-SecurityPolicy 1.2, Editors Draft 01, 01 September 2006 ws-securitypolicy-1.2-spec-ed-10 <http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/20579/w s-securitypolicy-1.2-spec-ed-01-r10.doc> Artifact: spec Type: design Title: Element or Content Encryption on SignedEncryptedSupportingTokens Assertion Description: Section 8.5 SignedEncryptedSupportingTokens does not define whether to use Element Encryption or Content Encryption to encrypt the token. This will be difficult to interop with different implementations and create some confusion to the user. Section 8.6 EndorsingEncryptedSupportingTokens Assertions and Section 8.7 SignedEndorsing EncryptedSupportingToken Assertions have the same issue. Related issues: none Proposed Resolution: Add one sentence to Sec. 8.5, Sec. 8.6, and Sec. 8.7: "Content Encryption should be used for encrypting the supporting tokens.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]