[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: [ws-sx-comment] Error on transport binding example ?
Seems like we haven't talked about this comment that came in on the public list. We probably need to make a formal decision on a call to respond to this. I think the existing description of the message in C.1.2 is correct. The signature should cover the timestamp and the signed endorsing token when using transport security as in this example. That's defined in section 8.4 that defines the SignedEndorsingSupportingTokens assertion. http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826565 "Signed endorsing tokens sign the entire ds:Signature element produced from the message signature and are themselves signed by that message signature, that is both tokens (the token used for the message signature and the signed endorsing token) sign each other. <snip/> If transport security is used, the token (Tok2) is included in the Security header and the signature (Sig2) should cover the message timestamp" -----Original Message----- From: valerie.bauche@bull.net [mailto:valerie.bauche@bull.net] Sent: Monday, January 28, 2008 2:47 AM To: ws-sx-comment@lists.oasis-open.org Subject: [ws-sx-comment] Error on transport binding example ? Hello I'm looking at the Transport Binding example in section C of WS-SecurityPolicy 1.2 specification. There's something strange : In the Initiator to Recipient Message (C.1.2) the signature covers the TimeStamp and the SignedEndorsingToken I think that it should cover the SignedEndorsingToken only if [Token Protection] is true but it is not in the example policy.... Is it an error or do I misunderstand something ? Valerie
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]