Subject: Issue 162: no way to specify the policies for renew and cancel
Issue 162

From: Corinna Witt [mailto:cwitt@bea.com]

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred.

Protocol: ws-sp
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.pdf
Artifact: spec
Type: design
Title: No way to specify the policies for WS-SecureConversation renew and cancel

Description:
WS-SecurityPolicy currently allows defining the WS-SecureConversation bootstrap policy, but there is no way to specify the policies for renew and cancel. WS-Trust and WS-SecureConversation don't talk about how to agree on policy for this either (they just talk about some general requirements for such a policy). The following proposal is intended to start discussion on a solution that would eliminate the need for out-of-band agreements.

Proposed Resolution:
Add the following to the chapter "5.4.7 SecureConversationToken Assertion" of WS-SecurityPolicy (additions in bold):

    <sp:SecureConversationToken sp:IncludeToken="xs:anyURI"? xmlns:sp="..." ... >
      (
        <sp:Issuer>wsa:EndpointReferenceType</sp:Issuer> |
        <sp:IssuerName>xs:anyURI</sp:IssuerName>
      ) ?
      <sp:MustNotSendCancel ... /> ?
      <sp:MustNotSendAmend ... /> ?
      <sp:MustNotSendRenew ... /> ?
      <sp:RenewPolicy ... >
      <sp:CancelPolicy ... >
      <sp:AmendPolicy ... >

/sp:SecureConversationToken/wsp:Policy/sp:BootstrapPolicy
    This optional element is a policy assertion that contains the policy indicating the requirements for obtaining the Security Context Token.

/sp:SecureConversationToken/wsp:Policy/sp:BootstrapPolicy/wsp:Policy
    This element contains the security binding requirements for obtaining the Security Context Token. It will typically contain a security binding assertion (e.g. sp:SymmetricBinding) along with protection assertions (e.g. sp:SignedParts) describing the parts of the RST/RSTR messages that are to be protected.

/sp:SecureConversationToken/wsp:Policy/sp:RenewPolicy
    This optional element is a policy assertion that contains the policy indicating the requirements for renewing the Security Context Token.

/sp:SecureConversationToken/wsp:Policy/sp:RenewPolicy/wsp:Policy
    This element contains the security binding requirements for renewing the Security Context Token. It will typically contain a security binding assertion (e.g. sp:SymmetricBinding) along with protection assertions (e.g. sp:SignedParts) describing the parts of the RST/RSTR messages that are to be protected.

/sp:SecureConversationToken/wsp:Policy/sp:CancelPolicy
    This optional element is a policy assertion that contains the policy indicating the requirements for cancelling the Security Context Token.

/sp:SecureConversationToken/wsp:Policy/sp:CancelPolicy/wsp:Policy
    This element contains the security binding requirements for cancelling the Security Context Token. It will typically contain a security binding assertion (e.g. sp:SymmetricBinding) along with protection assertions (e.g. sp:SignedParts) describing the parts of the RST/RSTR messages that are to be protected.

/sp:SecureConversationToken/wsp:Policy/sp:AmendPolicy
    This optional element is a policy assertion that contains the policy indicating the requirements for amending the Security Context Token.

/sp:SecureConversationToken/wsp:Policy/sp:AmendPolicy/wsp:Policy
    This element contains the security binding requirements for amending the Security Context Token. It will typically contain a security binding assertion (e.g. sp:SymmetricBinding) along with protection assertions (e.g. sp:SignedParts) describing the parts of the RST/RSTR messages that are to be protected.
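
Added example, not part of the original message or of any WS-SX specification text: a Python check that reads an sp:SecureConversationToken assertion written with the elements proposed above and reports, for renew, cancel and amend, whether the operation has its own nested policy, is ruled out by a MustNotSend* assertion, or is still left to out-of-band agreement. The namespace URIs, the placement of MustNotSend* beside the proposed elements, the status labels and the sample policy are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces: WS-SecurityPolicy 200702 and WS-Policy 2004/09.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
NS = {"sp": SP, "wsp": WSP}
BINDING = ("<wsp:Policy><sp:SymmetricBinding/>"
           "<sp:SignedParts><sp:Body/></sp:SignedParts></wsp:Policy>")

# Constructed sample (bindings abbreviated): bootstrap and renew carry nested
# policies, amend is prohibited, cancel has neither a policy nor a prohibition.
SAMPLE = f"""
<sp:SecureConversationToken xmlns:sp="{SP}" xmlns:wsp="{WSP}">
  <wsp:Policy>
    <sp:MustNotSendAmend/>
    <sp:BootstrapPolicy>{BINDING}</sp:BootstrapPolicy>
    <sp:RenewPolicy>{BINDING}</sp:RenewPolicy>
  </wsp:Policy>
</sp:SecureConversationToken>
"""

def operation_status(xml_text):
    """Classify how each SCT operation is covered by the token assertion."""
    token = ET.fromstring(xml_text)
    if token.tag != f"{{{SP}}}SecureConversationToken":
        raise ValueError("not an sp:SecureConversationToken assertion")
    outer = token.find("wsp:Policy", NS)
    status = {}
    for op in ("Renew", "Cancel", "Amend"):
        prohibited = nested = None
        if outer is not None:
            prohibited = outer.find(f"sp:MustNotSend{op}", NS)
            nested = outer.find(f"sp:{op}Policy/wsp:Policy", NS)
        has_policy = nested is not None and len(nested) > 0
        if prohibited is not None and has_policy:
            status[op] = "conflict"      # policy given for a forbidden operation
        elif prohibited is not None:
            status[op] = "prohibited"
        elif has_policy:
            status[op] = "policy"
        else:
            status[op] = "out-of-band"   # the gap this issue describes
    return status

if __name__ == "__main__":
    for op, state in operation_status(SAMPLE).items():
        print(f"{op}: {state}")
```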