OASIS Mailing List Archives

wss message



Subject: RE: [wss] New Document - Usage Label Values


> Do you have an example of how/when these would be used?
>  
> &Thomas.

Thomas,

I am not quite sure what you mean. I can certainly add an example XML fragment showing the use of one of these URIs as the value of a Usage attribute; however, the syntax is extremely simple and obvious.

As the document says, the intention is that protocols (message patterns) would be defined elsewhere which could be used to "prove" the validity of the asserted usage. Since there might be more than one for each usage value I have not specified them. I do have in mind a project, separate from the WSS TC, which might do this as a part of its activities.

Here are some examples of the kind of thing I have in mind. 

o An intermediary might sign over all or part of the message that had been previously signed by the requester (Access Subject). 

o The message might contain a reference to a key to be used to encrypt the response so that only the receiver of the response could read it. 

The idea of usage labels is to avoid forcing the receiver of a message to deduce what is going on from the pattern of signatures, encryptions and tokens. Naturally the receiver is not expected to take this information on faith. It will confirm that an appropriate message pattern has been used and apply local authorization policies before acting on the message.

The history of this proposal was that I originally proposed the Usage attribute AND the values be included in the core. It was agreed that the Usage attribute would be defined in core, but the values would be specified in a separate document, post 1.0. I am merely following that plan. I am open to suggestions.

As to the values themselves, I do not by any means consider them exhaustive. I propose them for two related reasons.

1. They have well understood semantics and match common use cases. In most cases they are supported to some degree in existing systems.

2. They happen to match values defined by XACML (because of #1). One issue for XACML is that since its scope is limited to the expression and evaluation of policy in a variety of environments, it has no way of requiring that all the information necessary for evaluating certain types of policies actually be available to the PDP. Since I expect WSS to be widely used, my goal is to at least enable the availability of these policy inputs when WSS is employed.

I assume that in the vast majority of WSS messages, Usage attributes will NOT be used. However, when complex patterns of multiple signatures, encryptions and tokens are present, I believe that their use will simplify the receiver's task.

It has occurred to me that there might be appropriate Usage attribute values to be associated with the use of an REL license. However, perhaps there is only one semantic to be applied to a license of content, in which case distinct Usage values are unnecessary. Since you are more familiar with this area, I leave it to you. I would certainly entertain suggestions for the addition of other values and semantics to this document from you or anyone else. Alternatively you could propose a separate profile, intended for use in a different setting.

Hal

> ________________________________
> 
> From: Hal Lockhart [mailto:hlockhar@bea.com]
> Sent: Tue 8/24/2004 6:51 AM
> To: wss@lists.oasis-open.org
> Subject: [wss] New Document - Usage Label Values
> 
> 
> 
> This is the long promised specification on usage label 
> values. It is very short. Please comment.
> 
> Hal
> 
> 
> 
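The message above says a receiver must not take a usage label on faith but should confirm that the asserted pattern of signatures and tokens is actually present before applying local policy. The following is an added example (not code from the WSS TC, from Hal's document, or from this thread) of what that structural check looks like for the two cases he sketches: an intermediary signing over the requester's signature, and a key offered for encrypting the response. It assumes the wsse:Usage attribute sits on wsse:SecurityTokenReference as in the WSS 1.0 core; the two usage URIs, the sample SOAP message and the function names are all hypothetical placeholders. Cryptographic verification of each ds:Signature is assumed to have happened already; this code only checks that the message pattern matches the label.

```python
"""Check asserted wsse:Usage labels against the actual WSS message pattern.

Added example, not code from the WSS TC or the thread.  Assumptions: wsse:Usage
is an attribute of wsse:SecurityTokenReference (WSS 1.0 core); the usage URIs
below are hypothetical placeholders, not values from the proposal document; the
signatures themselves have already been cryptographically verified.
"""
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Hypothetical usage URIs (assumption; the real values live in Hal's document).
USAGE_ENDORSE = "urn:example:usage:endorsing-signature"
USAGE_RESPONSE_KEY = "urn:example:usage:response-encryption-key"

# Constructed sample: requester signs the Body, an intermediary signs over the
# requester's signature, and a token is offered for encrypting the reply.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="ReqToken">MIIB...requester...</wsse:BinarySecurityToken>
  <wsse:BinarySecurityToken wsu:Id="IntToken">MIIB...intermediary...</wsse:BinarySecurityToken>
  <wsse:BinarySecurityToken wsu:Id="ReplyKey">MIIB...reply-key...</wsse:BinarySecurityToken>
  <ds:Signature Id="SigRequester">
   <ds:SignedInfo><ds:Reference URI="#Body"/></ds:SignedInfo>
   <ds:SignatureValue>...</ds:SignatureValue>
   <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#ReqToken"/></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
  <ds:Signature Id="SigIntermediary">
   <ds:SignedInfo><ds:Reference URI="#SigRequester"/><ds:Reference URI="#Body"/></ds:SignedInfo>
   <ds:SignatureValue>...</ds:SignatureValue>
   <ds:KeyInfo><wsse:SecurityTokenReference wsse:Usage="urn:example:usage:endorsing-signature">
    <wsse:Reference URI="#IntToken"/></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
  <wsse:SecurityTokenReference wsse:Usage="urn:example:usage:response-encryption-key">
   <wsse:Reference URI="#ReplyKey"/></wsse:SecurityTokenReference>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="Body">...</soap:Body>
</soap:Envelope>"""

# Same message with the intermediary no longer covering the requester's signature.
TAMPERED = SAMPLE.replace('<ds:Reference URI="#SigRequester"/>', "")


def _q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


def _index(root):
    """Return (id -> element, child -> parent) maps; ET has no parent links."""
    ids, parents = {}, {}
    for parent in root.iter():
        for child in parent:
            parents[child] = parent
    for el in root.iter():
        for attr in (_q("wsu", "Id"), "Id"):
            if el.get(attr):
                ids[el.get(attr)] = el
    return ids, parents


def _enclosing_signature(el, parents):
    while el is not None:
        if el.tag == _q("ds", "Signature"):
            return el
        el = parents.get(el)
    return None


def _covers(sig, target_id):
    """True if one of the signature's ds:Reference URIs is '#target_id'."""
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    return any(r.get("URI") == "#" + target_id for r in refs)


def _check_one(usage, str_el, ids, parents):
    # Every label must at least point at a token actually carried in the header.
    ref = str_el.find("wsse:Reference", NS)
    target = ids.get((ref.get("URI") or "").lstrip("#")) if ref is not None else None
    if target is None or target.tag != _q("wsse", "BinarySecurityToken"):
        return False
    if usage == USAGE_ENDORSE:
        # The labelled signature must cover a *different* ds:Signature in the message.
        sig = _enclosing_signature(str_el, parents)
        if sig is None:
            return False
        others = [s for s in ids.values() if s.tag == _q("ds", "Signature") and s is not sig]
        return any(_covers(sig, s.get("Id") or s.get(_q("wsu", "Id"))) for s in others)
    if usage == USAGE_RESPONSE_KEY:
        # A reply-encryption key is a standalone reference, not a signing key.
        return _enclosing_signature(str_el, parents) is None
    return False  # unknown usage: never act on a label the receiver cannot check


def check_usage_labels(xml_text):
    """Map each asserted usage URI to True (pattern confirmed) or False (reject)."""
    root = ET.fromstring(xml_text)
    ids, parents = _index(root)
    security = root.find("soap:Header/wsse:Security", NS)
    results = {}
    if security is None:
        return results
    for str_el in security.iter(_q("wsse", "SecurityTokenReference")):
        for usage in (str_el.get(_q("wsse", "Usage")) or "").split():
            results[usage] = _check_one(usage, str_el, ids, parents)
    return results


if __name__ == "__main__":
    print(check_usage_labels(SAMPLE))
    print(check_usage_labels(TAMPERED))
```

The point of the design is that the label only selects which pattern check to run; the decision still comes from the references and Ids that are really in the message, so a sender cannot obtain intermediary privileges just by asserting the endorsing-signature URI. Because wsse:Usage uses XML list semantics, one SecurityTokenReference may carry several URIs, and each is checked separately.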

