
Subject: Re: [ws-sx] Issue i142: Examples 2.2.3 and 2.2.4 are miss-labeled


I have spent some time looking over this issue and will propose some
changes. However, there are a couple of points that I think need to
be on the table before a final decision is made.

 1. While both scenarios do "require the use of mechanisms (e.g. DerivedKeyToken)
    defined in WS-SecureConversation", the policies themselves do not explicitly
    require the use of WS-SecureConversation per se, which I think generally would be
    indicated by specifying an sp:SecureConversationToken assertion.
 2. The text does incorrectly reference the EncryptedKey mechanism as being WSS1.1
    specific; however, I think the intent was actually to reference the WSS1.1
    #EncryptedKey SecurityTokenReference mechanism, which is what is used in the
    sample messages and meets the WSS11 policy requirement for the
    sp:MustSupportRefEncryptedKey assertion.
 3. While I do not believe the policies explicitly require the use of
    WS-SecureConversation, except for the derived key mechanism mentioned above,
    it is true that the examples both, in fact, are WS-SecureConversation examples,
    which is due to the fact that they were taken from the WCF Interop.

Bottom line: I do not believe the sections are actually mislabeled;
however, I do think the text needs some cleanup to indicate that the
wss11 requirement is the SecurityTokenReference mechanism and to
explicitly note that the example messages do use WS-SecureConversation,
but that this is not explicitly required.

I will submit the above changes for consideration and if there are more
aspects to this issue that need discussion, then we will move from there.

  Thanks,
  Rich


Greg Carpenter wrote:
> Issue i142.
>
>   
>> -----Original Message-----
>> From: Hal Lockhart [mailto:hlockhar@bea.com]
>> Sent: Monday, July 02, 2007 12:47 PM
>> To: ws-sx@lists.oasis-open.org
>> Cc: Marc Goodner
>> Subject: [ws-sx] New Issue: Examples 2.2.3 and 2.2.4 are miss-labeled
>>
>> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
>> THE ISSUE IS ASSIGNED A NUMBER.
>> The issues coordinators will notify the list when that has occurred.
>>
>> Protocol:  ws-sp examples
>>
>> http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/24008/ws-sp-usecases-examples-draft-14-02.doc
>>
>>
>> Artifact:  examples
>>
>> Type:
>>
>> editorial
>>
>> Title:
>>
>> Examples 2.2.3 and 2.2.4 are miss-labeled
>>
>> Description:
>>
>> Examples 2.2.3 and 2.2.4 are identified as being based on WSS 1.1.
>> However, both require the use of mechanisms (e.g. DerivedKeyToken)
>> defined in WS-SecureConversation.
>>
>> The text refers to EncryptedKey as a WSS 1.1 feature, but EncryptedKey
>> is defined by XML Enc and has been present in WSS since version 1.0. I
>> am not sure if there is any dependency of these examples on WSS 1.1, but
>> surely their use of WS-SecureConversation is a much more significant
>> difference between them and the prior examples.
>>
>> Related issues:
>>
>> None
>>
>> Proposed Resolution:
>>
>> Modify the titles of these examples to make it clear that they are
>> examples of the use of WS-SecureConversation, not (just) WSS 1.1.
>>     

