wss-m message

Subject: Links for records of 2008 WS-SX Examples Virtual Interop

From: rich levinson <rich.levinson@oracle.com>
To: David Turner <David.Turner@microsoft.com>, wss-m@lists.oasis-open.org
Date: Wed, 24 Aug 2011 11:28:27 -0400

Hi David,

The following is the info on the WS-SX Virtual Interop that was done in Oct-Dec 2008.

The examples document contains a broad range of use cases for WS-Security. The starting
point for defining examples was to examine previous Interops for both WSS-10 and WSS-11,
and pull together a sampling of scenarios that covered those Interops plus some other
scenarios that were designed to fill any major gaps in coverage that were known. Links to
the original previous interop documentation are included in the examples doc:
http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples-cs-02.html#_Toc274723231

As such, the 2008 WS-SX Examples Virtual Interop may be thought of as an
"Interop of Interops plus". i.e. in a majority of the scenarios the scenario
executed was similar or equivalent to a scenario from a previous interop.

Link to final Examples document:
http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples-cs-02.html
The official authoritative document is at:
http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples-cs-02.doc

This email was the kickoff mtg for prep for the virtual Interop that was conducted for the
purpose of validating the infomation in the Examples document:
http://lists.oasis-open.org/archives/ws-sx/200808/msg00024.html

The following links are to the WS-SX 2008 virtual interop results that are
in the OASIS repository (note: all this stuff used to be packaged up in a zip
file, but OASIS TC Admin decided to include all the files individually in the
repository:

This link contains the readme for the Examples doc interop results:
http://docs.oasis-open.org/ws-sx/security-policy/examples/readme.txt
This link contains a directory containing the certs, policies, and wsdl used
for the interop:
http://docs.oasis-open.org/ws-sx/security-policy/examples/wssp_interop_v3_policies-certs-cd-01/interop/
This link is to the top level examples doc directory which contains separate files
for traces of both the requests and responses that were taken during the course
of the interop:
http://docs.oasis-open.org/ws-sx/security-policy/examples/
In particular, the interop req/rsp files are named: a2*.xml i.e.
http://docs.oasis-open.org/ws-sx/security-policy/examples/a2*.xml

For reference, the following is from the readme file that describes at a high level the
scenarios that were executed during the Interop and for which trace results are
provided (see 3rd bullet above):

#1  2.1.1.3   (WSS 1.0)  UsernameToken timestamp, nonce and password hash
#2  2.1.3.1   (WSS 1.0)  UsernameToken X509, Asymmetric Encrypt
#3  2.1.4     (WSS 1.1)  UsernameToken X509, Symmetric Sign, Encrypt
#4  2.2.2     (WSS1.0)   Mutual AUth,  X509, Asymmetric Sign, Encrypt
#5  2.2.4     (WSS1.1)   Mutual Auth,  X509, Symmetric Sign, Encrypt
#6  2.3.2.4   (WSS1.1)   SAML1.1 SV X509, Sign, Encrypt
#7a 2.3.2.5-a (WSS1.1)   (WST1.3 get SAML1.1 HK frm STS) MutAuth, X509, Symm, Sign, Encrypt
#7b 2.3.2.5-b (WSS1.1)   (use SAML1.1 HK frm STS) + X509, Sign, Encrypt
#8  2.4.1     (WSS1.0)   SecConvTok bootstrap by Mut Auth, X509

Let me know if you have any questions.

Thanks,
Rich