OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] FW: [ws-sx-comment] Error on transport binding example ?

Maybe you should assign it an Issue # so it does not get lost in the
shuffle.

Hal

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com]
> Sent: Wednesday, February 20, 2008 5:37 PM
> To: ws-sx@lists.oasis-open.org
> Subject: [ws-sx] FW: [ws-sx-comment] Error on transport binding
example ?
> 
> Seems like we haven't talked about this comment that came in on the
public
> list. We probably need to make a formal decision on a call to respond
to
> this.
> 
> I think the existing description of the message in C.1.2 is correct.
The
> signature should cover the timestamp and the signed endorsing token
when
> using transport security as in this example. That's defined in section
8.4
> that defines the SignedEndorsingSupportingTokens assertion.
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-
> securitypolicy-1.2-spec-os.html#_Toc161826565
> 
> "Signed endorsing tokens sign the entire ds:Signature element produced
> from the message signature and are themselves signed by that message
> signature, that is both tokens (the token used for the message
signature
> and the signed endorsing token) sign each other.
> <snip/>
> If transport security is used, the token (Tok2) is included in the
> Security header and the signature (Sig2) should cover the message
> timestamp"
> 
> 
> 
> -----Original Message-----
> From: valerie.bauche@bull.net [mailto:valerie.bauche@bull.net]
> Sent: Monday, January 28, 2008 2:47 AM
> To: ws-sx-comment@lists.oasis-open.org
> Subject: [ws-sx-comment] Error on transport binding example ?
> 
> Hello
> 
> I'm looking at the Transport Binding example in section C of
> WS-SecurityPolicy 1.2 specification.
> There's something strange :
> In the Initiator to Recipient Message (C.1.2) the signature covers the
> TimeStamp and the SignedEndorsingToken
> I think that it should cover the SignedEndorsingToken only if [Token
> Protection] is true but it is not in the example policy....
> 
> Is it an error or do I misunderstand something ?
> 
> 
> Valerie
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in
> OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]