OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] scenarios for first interop

We should make sure we capture these, but my guess is that 1-4 will more
than cover a first interop event and we will likely need to move to a
2nd in order to cover these advanced scenarios as well as flushing out
additional token types (#11 as well as others).

That said, we should get these written up in more detail, along with
and see what people think they can commit to having for a first event.


-----Original Message-----
From: Ahmed, Zahid [mailto:zahid.ahmed@commerceone.com] 
Sent: Wednesday, March 05, 2003 2:04 AM
To: Chris Kaler; Web Services Security
Cc: Burdett, David

Here are some additional SOAP Message security interop test-cases
that we should consider for the first or second interop event. 
I am numbering them after the first four that Chris Kaler has proposed 
just in case we decide to compile these in some interop testing 
5. Signing and encrypting specific attachments in a Multi-part MIME SOAP

6. Signing and encrypting all attachments in a Multi-part MIME SOAP 
7. Decrypting and verifying signatures of specific attachments in a
    MIME SOAP message.
8. Decrypting and verifying signatures of all the attachments in a
Multi-part MIME 
   SOAP message.
9. Signing and encrypting SOAP Body and specific attachment in
    SOAP message.
10. Decrypting and signature verification of content in SOAP Body and
      required attachment in a Multi-part MIME SOAP message.
11. SOAP Message Token Processing for X.509 Certificates and SAML 
    Tokens, e.g., for authenticating a sending web service application
    a receiving web services applications. 
Also, #4 is quite important to flesh out in advance for #1 thru #3 and
thru #11.
Zahid Ahmed
Commerce One, Inc.

-----Original Message-----
From: Chris Kaler [mailto:ckaler@microsoft.com]
Sent: Monday, March 03, 2003 8:32 AM
To: Web Services Security
Subject: [wss] scenarios for first interop

I had the action to propose some initial scenarios for a first interop

event.  If people like these, I'll add more details like WSDL, example
messages, etc.


1. Send message with U/P over SSL and get response

2. Send message with U/P-Hash and get response signed with X.509

3. Send message with X.509 signature and encrypted with key passed

   in EncryptedKey using recipients certificate referenced by identifier

4. Variations on algorithms (C14N, encryption, etc.)


Signatures are over key headers and body.  Encryption is only on body.


Basically people would implement both clients and servers and then we

would interchange the components.





To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]