OASIS Mailing List Archives



wss message


Subject: WSS draft 17 Issue -encryption processing rules clarity

I would like to ask for a clarification on the Encryption processing rules in the SOAP Message Security Draft 17, 27 August 2003, merged.

Section 9.3.1 Encryption processing rules, next to last bullet (lines 1146-1149) indicates that one KeyInfo element in an EncryptedData element may reference another KeyInfo element.


1. Does this imply the two KeyInfos are in different EncryptedData elements? What is the assumption on the two KeyInfos' location?

2. What is the rationale and driving use case for this? Is it to allow two EncryptedData elements to share a key without requiring replication of the key information? Is it an alternative to using KeyName?

3. What is the mechanism to reference another KeyInfo element from another? Is it a SecurityTokenReference or something else? Where is this defined as a standard? Does this need to be stated in the WSS specification?

Assumptions around this processing rule would be helpful.

regards, Frederick

Frederick Hirsch
Nokia Mobile Phones
