Subject: RE: [ws-sx] Issue i134: IncludeToken Policy Assertion Parameters and alternatives
Issue i134

> -----Original Message-----
> From: K.Venugopal@Sun.COM [mailto:K.Venugopal@Sun.COM]
> Sent: Tuesday, May 29, 2007 7:13 AM
> To: ws-sx@lists.oasis-open.org
> Subject: [ws-sx] New Issue: IncludeToken Policy Assertion Parameters and
> alternatives
>
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
> The issues coordinators will notify the list when that has occurred.
> *Protocol:* ws-securitypolicy
> _http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/21362/ws-secureconversation-1.3-spec-cs-01.pdf_
>
> _http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/23821/ws-securitypolicy-1.2-spec-cs.pdf_
>
> *Artifact:* spec
> *Type:* spec
> *Title:* Policy Assertion Parameters and alternatives
> *Description:*
>
> As we know, WS Policy does not use Policy Assertion parameters when
> intersecting Policy Assertions. IMO this would impact WS Security Policy
> to a certain extent.
> e.g.:
>
> Alternative A
> -------------------------------
> <sp:AsymmetricBinding >
>   <wsp:Policy>
>     <sp:InitiatorToken >
>       <sp:X509Token sp:IncludeToken = ".....Never">
>         <wsp:Policy>
>           <sp:RequireDerivedKeys ... />
>           <sp:RequireKeyIdentifierReference ... />
>         </wsp:Policy>
>       </sp:X509Token>
>     </sp:InitiatorToken >
>     <sp:RecipientToken >
>       <sp:X509Token sp:IncludeToken = ".......Never">
>         <wsp:Policy>
>           <sp:RequireDerivedKeys ... />
>           <sp:RequireKeyIdentifierReference ... />
>         </wsp:Policy>
>       </sp:X509Token>
>     </sp:RecipientToken >
>   </wsp:Policy>
> </sp:AsymmetricBinding >
>
> Alternative B
> -------------------------------
> <sp:AsymmetricBinding >
>   <wsp:Policy>
>     <sp:InitiatorToken >
>       <sp:X509Token sp:IncludeToken = "......Always">
>         <wsp:Policy>
>           <sp:RequireDerivedKeys ... />
>           <sp:RequireKeyIdentifierReference ... />
>         </wsp:Policy>
>       </sp:X509Token>
>     </sp:InitiatorToken >
>     <sp:RecipientToken >
>       <sp:X509Token sp:IncludeToken = "......Always">
>         <wsp:Policy>
>           <sp:RequireDerivedKeys ... />
>           <sp:RequireKeyIdentifierReference ... />
>         </wsp:Policy>
>       </sp:X509Token>
>     </sp:RecipientToken >
>   </wsp:Policy>
> </sp:AsymmetricBinding >
>
> When intersected with the default algorithm of the policy framework the
> resulting policy would contain mutually contradictory X509Token
> parameters. On one hand, the resulting policy would require never to
> include X509Tokens while at the same time always requiring to include
> X509Tokens. The intersection result would effectively yield an invalid
> policy.
>
> Regards,
> Venu
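
The behaviour the mail describes, as an added Python example that is not part of the original message or of any WS-Policy implementation: the framework's default compatibility test compares assertion QNames and nested policies only, so the two alternatives intersect and the result carries both IncludeToken values. Assumptions: compact-form policies with one alternative each, token assertions nested in wsp:Policy as the WS-SecurityPolicy schema nests them, and shortened `Never`/`Always` values standing in for the elided URIs; `binding`, `compatible`, `intersect` and `include_conflicts` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Namespace URIs of WS-Policy 1.2 and WS-SecurityPolicy 1.2 (not quoted in the mail).
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
POLICY, INCLUDE = f"{{{WSP}}}Policy", f"{{{SP}}}IncludeToken"

def binding(include):
    """Constructed sample: one alternative from the mail, trimmed to its token assertions."""
    token = (f'<sp:X509Token sp:IncludeToken="{include}"><wsp:Policy>'
             '<sp:RequireDerivedKeys/><sp:RequireKeyIdentifierReference/>'
             '</wsp:Policy></sp:X509Token>')
    return ET.fromstring(
        f'<sp:AsymmetricBinding xmlns:sp="{SP}" xmlns:wsp="{WSP}"><wsp:Policy>'
        f'<sp:InitiatorToken><wsp:Policy>{token}</wsp:Policy></sp:InitiatorToken>'
        f'<sp:RecipientToken><wsp:Policy>{token}</wsp:Policy></sp:RecipientToken>'
        '</wsp:Policy></sp:AsymmetricBinding>')

def compatible(a, b):
    """Default framework test: same QName and compatible nested policies.
    Attributes such as sp:IncludeToken are parameters and are never compared."""
    if a.tag != b.tag:
        return False
    pa, pb = a.find(POLICY), b.find(POLICY)
    if pa is None or pb is None:
        return pa is None and pb is None
    xs, ys = list(pa), list(pb)
    return (all(any(compatible(x, y) for y in ys) for x in xs)
            and all(any(compatible(x, y) for x in xs) for y in ys))

def intersect(a, b):
    """Compatible alternatives intersect to ALL assertions of both; otherwise no result."""
    return [a, b] if compatible(a, b) else None

def include_conflicts(result):
    """Domain-specific check the framework omits: token roles with more than one
    IncludeToken value in the intersected alternative."""
    seen = {}
    for assertion in result:
        for role in assertion.find(POLICY):
            for el in role.iter():
                if INCLUDE in el.attrib:
                    seen.setdefault(role.tag.split("}")[1], set()).add(el.attrib[INCLUDE])
    return {role: sorted(vals) for role, vals in seen.items() if len(vals) > 1}

if __name__ == "__main__":
    merged = intersect(binding("Never"), binding("Always"))  # stand-ins for the elided URIs
    print(len(merged), "assertions kept;", include_conflicts(merged))
```

A policy consumer that runs a check like `include_conflicts` after intersection can reject the merged alternative instead of acting on whichever IncludeToken value it happens to read first.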