Subject: RE: [wss] HMAC Key Derivation in UsernameToken Profile Issue
> What do others think? I still feel strongly that this issue is a
> bane on interoperability for the Username Token profile.

It seems like this would be best handled by the WS-I BSP since there are many
different mechanisms that could be used. Now is the prime time to
bring this up since we are in early phase of the BSP.
Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
--- Begin Message ---
Title: RE: Sigining using UsernameToken in ws-security
- From: "Hervey Wilson" <herveyw@microsoft.com>
- To: <dims@yahoo.com>,"Keith Ballinger" <keithba@microsoft.com>,"Andy Gordon" <adg@microsoft.com>,"Chris Kaler" <ckaler@microsoft.com>
- Date: Tue, 27 May 2003 11:20:03 -0500
WSE 1.0 doesn't do either Trust or SecureConversation. WSE 2.0 uses the
definition from Trust and is the version you should build against for
interop purposes.
> -----Original Message-----
--- End Message ---
> From: Davanum Srinivas [mailto:dims@yahoo.com]
> Sent: Tuesday, May 27, 2003 8:21 AM
> To: Keith Ballinger; Andy Gordon; Chris Kaler; Hervey Wilson
> Cc: drsecure@us.ibm.com
> Subject: RE: Sigining using UsernameToken in ws-security
>
> Hervey,
>
> Am really stuck doing an interop with Microsoft WSE. Can you
> please let me know the algorithm to calculate the key? As you
> can see from the email trail below, we need to know the following
>
> #1: Which spec does Microsoft WSE implement?
> (WS-Trust? or WS-SecureConversation? or Something else?)
> #2: What is the label used?
> (Where does WSE get the label from?)
> #3: What is the generated key length?
> (AFAIK - HMACSHA1 uses 48 by default)
>
> Any sample input and corresponding output to the key gen code
> would be REALLY appreciated.
>
> Thanks,
> dims
>
>
> --- Keith Ballinger <keithba@microsoft.com> wrote:
> > Looping in Hervey.
> >
> > ________________________________
> >
> > From: Davanum Srinivas [mailto:dims@yahoo.com]
> > Sent: Sun 5/25/2003 12:18 PM
> > To: Andy Gordon; Chris Kaler
> > Cc: Keith Ballinger; drsecure@us.ibm.com
> > Subject: RE: Sigining using UsernameToken in ws-security
> >
> >
> >
> > Hmmmm...WS-SecureConversation's key gen is quite different from the WS-Trust.
> >
> > WS-Trust defines wsse:PWDPSHA1 as:
> > P_SHA1 (password, label + nonce + timestamp)
> >
> > WS-SecureConversation defines wsse:PSHA1 as:
> > P_SHA1 (secret, label + nonce)
> >
> > Questions:
> > #1: Which spec does Microsoft WSE implement?
> > #2: What is the label used?
> > #3: What is the generated key length?
> >
> > Please help. This is really stopping us from doing an interop with Microsoft WSE.
> >
> > Thanks,
> > dims
> >
> >
> > --- Andy Gordon <adg@microsoft.com> wrote:
> > > Hi, I don't have anything to add; the info on those slides about
> > > usernametoken sigs came from WS-SecureConversation, and a careful
> > > examination of the messages generated by WSE.
> > >
> > > Best, Andy
> > >
> > > > -----Original Message-----
> > > > From: Chris Kaler
> > > > Sent: 23 May 2003 15:59
> > > > To: 'dims@yahoo.com'
> > > > Cc: Keith Ballinger; drsecure@us.ibm.com; Andy Gordon
> > > > Subject: RE: Sigining using UsernameToken in ws-security
> > > >
> > > > > Take a look at the WS-Trust specification. It has a section describing
> > > > > how to construct a key from a password using PSHA1.
> > > >
> > > > Chris
> > > >
> > > > -----Original Message-----
> > > > From: Davanum Srinivas [mailto:dims@yahoo.com]
> > > > Sent: Friday, May 23, 2003 7:46 AM
> > > > To: drsecure@us.ibm.com; Chris Kaler; Andy Gordon
> > > > Subject: Sigining using UsernameToken in ws-security
> > > >
> > > > Folks,
> > > >
> > > > > I was trying to understand how WS-Security/Microsoft-WSE works. In
> > > > > particular, I was able to understand how to calculate the
> > > > > PasswordDigest for UsernameToken using:
> > > > > password_digest= SHA1[nonce + created + password]
> > > > >
> > > > > But Microsoft WSE goes further and signs the message using a key:
> > > > > key=psha1(pw+nonce+time)
> > > > I found this information at:
> > > >
> > >
> http://research.microsoft.com/collaboration/university/europe/events
> > > /dot
> > > ne
> > > > tcc/version4/Slides/gordon.ppt
> > > >
> > > > > Both the original WS-Security spec and the Addendum do not refer to how
> > > > > this key is constructed,
> > > > > though I found some references to it in WS-SecureConversation spec.
> > > > >
> > > > > Question:
> > > > > - Is there any other doc that explains how the key is constructed?
> > > > > - How can someone do an interop if we DON'T know how the system
> > > > > should work?
> > > >
> > > > Thanks,
> > > > dims
> > > >
> > > > =====
> > > > Davanum Srinivas - http://webservices.apache.org/~dims/
> > > >
> > > > __________________________________
> > > > Do you Yahoo!?
> > > > The New Yahoo! Search - Faster. Easier. Bingo.
> > > > http://search.yahoo.com
> >
> >
> > =====
> > Davanum Srinivas - http://webservices.apache.org/~dims/
>
> =====
> Davanum Srinivas - http://webservices.apache.org/~dims/
>
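The two seed constructions quoted in this thread, side by side, as an added example (not code from WSE, from either spec, or from any participant). It assumes P_SHA1 is the TLS 1.0 P_hash construction with HMAC-SHA1 (RFC 2246, section 5); the password, label, nonce, timestamp encoding and 16-byte key length are constructed values, since the thread never establishes the real ones.

```python
import hashlib
import hmac


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash with HMAC-SHA1 (assumed definition: RFC 2246, section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


# Constructed sample values, not taken from WSE or from any specification.
PASSWORD = b"example-password"
LABEL = b"example-label"            # placeholder: question #2 in the thread is unanswered
NONCE = bytes(range(16))
CREATED = b"2003-05-27T16:20:03Z"   # assumed encoding: the timestamp string as bytes
KEY_LEN = 16                        # assumed length: question #3 in the thread


def key_trust_style() -> bytes:
    # As quoted for WS-Trust: P_SHA1(password, label + nonce + timestamp)
    return p_sha1(PASSWORD, LABEL + NONCE + CREATED, KEY_LEN)


def key_secconv_style() -> bytes:
    # As quoted for WS-SecureConversation: P_SHA1(secret, label + nonce)
    return p_sha1(PASSWORD, LABEL + NONCE, KEY_LEN)


def mismatches() -> dict:
    """Effect of each single disagreement between two peers on the derived key."""
    base = key_trust_style()
    other_label = p_sha1(PASSWORD, b"other-label" + NONCE + CREATED, KEY_LEN)
    longer = p_sha1(PASSWORD, LABEL + NONCE + CREATED, 24)
    return {
        "seed_without_timestamp_differs": key_secconv_style() != base,
        "different_label_differs": other_label != base,
        # A longer key extends the same stream, but is still a different HMAC key.
        "longer_key_shares_prefix": longer[:KEY_LEN] == base and longer != base,
    }


if __name__ == "__main__":
    print("WS-Trust style seed:      ", key_trust_style().hex())
    print("SecureConversation style: ", key_secconv_style().hex())
    print(mismatches())
```

Any one of these disagreements makes the receiver compute a different signing key, so signature verification fails even though both sides hold the same password.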