[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] FW: [ws-sx-comment] Error on transport binding example ?
Maybe you should assign it an Issue # so it does not get lost in the shuffle. Hal > -----Original Message----- > From: Marc Goodner [mailto:mgoodner@microsoft.com] > Sent: Wednesday, February 20, 2008 5:37 PM > To: ws-sx@lists.oasis-open.org > Subject: [ws-sx] FW: [ws-sx-comment] Error on transport binding example ? > > Seems like we haven't talked about this comment that came in on the public > list. We probably need to make a formal decision on a call to respond to > this. > > I think the existing description of the message in C.1.2 is correct. The > signature should cover the timestamp and the signed endorsing token when > using transport security as in this example. That's defined in section 8.4 > that defines the SignedEndorsingSupportingTokens assertion. > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws- > securitypolicy-1.2-spec-os.html#_Toc161826565 > > "Signed endorsing tokens sign the entire ds:Signature element produced > from the message signature and are themselves signed by that message > signature, that is both tokens (the token used for the message signature > and the signed endorsing token) sign each other. > <snip/> > If transport security is used, the token (Tok2) is included in the > Security header and the signature (Sig2) should cover the message > timestamp" > > > > -----Original Message----- > From: valerie.bauche@bull.net [mailto:valerie.bauche@bull.net] > Sent: Monday, January 28, 2008 2:47 AM > To: ws-sx-comment@lists.oasis-open.org > Subject: [ws-sx-comment] Error on transport binding example ? > > Hello > > I'm looking at the Transport Binding example in section C of > WS-SecurityPolicy 1.2 specification. > There's something strange : > In the Initiator to Recipient Message (C.1.2) the signature covers the > TimeStamp and the SignedEndorsingToken > I think that it should cover the SignedEndorsingToken only if [Token > Protection] is true but it is not in the example policy.... > > Is it an error or do I misunderstand something ? > > > Valerie > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]