[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: New Issue: EncryptedKey token profile
During some of the interoperability events and in some of the TC concalls, people had commented that keys passed using EncryptedKey could be used to secure response messages if there was a way to use them. This for example, is useful in the anonymous client cases where the recipient has a public key known to the sender. Similarly, if the client is using a username token to authenticate, this provides a mechanism to encrypt the username (and password) with a strong random key and secure responses (in the case that the recipient service has a public key known to the sender). However, there doesn't seem to be a good interoperabile mechanism for referencing this key. The attached proposal from a few of the TC members suggests creating a separate token profile for EncryptedKey which allows it to be referenced using a KeyIdentifier and used in subsequent messages. We ask that the TC consider addressing this scenario and consider using this input material. <<EKToken-profile.doc>> Vijay
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]