ebxml-msg message

Subject: ebMS 3.0 PMode Security Type Updates for review


Reused SignatureAlgorithmType and EncryptionAlgorithmType to contain algorithm identifiers and minimum strength indicator. Added more types discussed below. Changed cardinality to make contents optional.

The issue concerning how to indicate elements to be signed, elements to be encrypted, and the order of those operations on elements is not yet addressed here.

I think that we should consider what has been done by WS-SecurityPolicy even though that specification is not yet an approved standard of an SDO. We may wish to at least leave a means of extension to make use of these very detailed security specification assertions.

See the public review draft at

http://www.oasis-open.org/committees/download.php/21398/ws-securitypolicy-1.2-spec-ed-01-r12.pdf

For the topic of signed parts and signed elements see section 4.1, Protection Assertions. Data confidentiality is discussed in section 4.2.

I did not see any Protection Assertions for attachments so far. Since it is still in public review for a few more days, we could submit a question about how attachment protection is indicated.

I also am looking for how the ordering is agreed upon. My guess at the moment is that ordering is left to the actual WSS header to convey.

<xsd:complexType name="PModeSecurityType">
    <xsd:annotation>
        <xsd:documentation/>
    </xsd:annotation>
    <xsd:sequence>
        <xsd:element name="UsernameToken" minOccurs="0" type="tns:UserNameTokenType"/>
        <xsd:element name="EncryptionCertificate" minOccurs="0" maxOccurs="unbounded"
                     type="tns:CertificateUnionType"/>
        <xsd:element name="SignatureCertificate" minOccurs="0" maxOccurs="unbounded"
                     type="tns:CertificateUnionType"/>
        <xsd:element name="Signature" minOccurs="0" type="tns:SignatureAlgorithmType"/>
        <xsd:element name="Encryption" minOccurs="0" type="tns:EncryptionAlgorithmType"/>
    </xsd:sequence>
    <xsd:attribute name="wssVersion" type="xsd:string"/>
    <xsd:attribute name="authorize" type="xsd:boolean"/>
    <xsd:attribute name="created" type="xsd:boolean"/>
    <xsd:attribute name="nonce" type="xsd:boolean"/>
    <xsd:attribute name="digest" type="xsd:boolean"/>
</xsd:complexType>


Reassembled existing CPA types to allow either direct inclusion of a Certificate or use of a reference to point to a certificate contained in the document.


<xsd:complexType name="CertificateUnionType">
    <xsd:sequence>
        <xsd:choice>
            <xsd:element ref="ds:KeyInfo"/>
            <xsd:element ref="tns:CertificateRef"/>
        </xsd:choice>
    </xsd:sequence>
    <xsd:anyAttribute processContents="lax" namespace="##any"/>
</xsd:complexType>


Added a UserNameTokenType subtype. The choice should allow the appearance of encrypted UserNameTokenTypes and other namespace definitions of security tokens.


<xsd:complexType name="UserNameTokenType">
    <xsd:annotation>
        <xsd:documentation/>
    </xsd:annotation>
    <xsd:choice>
        <xsd:sequence>
            <xsd:element name="UserName" minOccurs="0"/>
            <xsd:element name="SecurityToken"/>
        </xsd:sequence>
        <xsd:sequence>
            <xsd:any minOccurs="1" maxOccurs="unbounded" namespace="##other"
                     processContents="lax"/>
        </xsd:sequence>
    </xsd:choice>
</xsd:complexType>
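An added check, not from the post or the ebMS schema work, that parses a constructed PMode security fragment shaped like the PModeSecurityType and CertificateUnionType above: it enforces the xsd:choice between ds:KeyInfo and CertificateRef and the xsd:boolean attributes, and then applies two policy rules the schema itself cannot express. The tns namespace URI, the certId attribute and the two policy rules are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions: the post does not fix the PMode (tns) namespace,
# so a placeholder is used; ds is the standard XML Signature namespace.
TNS = "urn:example:ebms3:pmode"
DS = "http://www.w3.org/2000/09/xmldsig#"
CERT_CHOICE = {f"{{{DS}}}KeyInfo", f"{{{TNS}}}CertificateRef"}
BOOL_ATTRS = ("authorize", "created", "nonce", "digest")

# Constructed sample instance of PModeSecurityType (not taken from the post).
SAMPLE = f'''<tns:Security xmlns:tns="{TNS}" xmlns:ds="{DS}" wssVersion="1.1"
    authorize="true" created="true" nonce="true" digest="true">
  <tns:UsernameToken><tns:UserName>partner-a</tns:UserName>
    <tns:SecurityToken>wsse:UsernameToken</tns:SecurityToken></tns:UsernameToken>
  <tns:EncryptionCertificate><tns:CertificateRef certId="enc-1"/></tns:EncryptionCertificate>
  <tns:SignatureCertificate><ds:KeyInfo><ds:KeyName>sig-1</ds:KeyName></ds:KeyInfo>
  </tns:SignatureCertificate>
</tns:Security>'''

def xsd_bool(value):
    """Parse an xsd:boolean lexical value; None means invalid."""
    return {"true": True, "1": True, "false": False, "0": False}.get(value)

def check_pmode_security(xml_text):
    """Return a list of findings; an empty list means the fragment passed."""
    root = ET.fromstring(xml_text)
    findings, flags = [], {}
    for name in BOOL_ATTRS:
        raw = root.get(name)
        if raw is not None and xsd_bool(raw) is None:
            findings.append(f"attribute {name}={raw!r} is not an xsd:boolean")
        flags[name] = bool(xsd_bool(raw)) if raw is not None else False
    # xsd:choice in CertificateUnionType: exactly one of ds:KeyInfo or tns:CertificateRef.
    for tag in ("EncryptionCertificate", "SignatureCertificate"):
        for cert in root.findall(f"{{{TNS}}}{tag}"):
            kids = [child.tag for child in cert]
            if len(kids) != 1 or kids[0] not in CERT_CHOICE:
                findings.append(f"{tag} must contain exactly one KeyInfo or CertificateRef")
    # Policy rules the schema cannot express (assumptions added here, not schema rules).
    has_token = root.find(f"{{{TNS}}}UsernameToken") is not None
    if flags["authorize"] and not has_token:
        findings.append("authorize=true but no UsernameToken is configured")
    if flags["digest"] and not (flags["nonce"] and flags["created"]):
        findings.append("digest without nonce and created leaves the token replayable")
    return findings
```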


