Subject: NEW Issue: Description of Strict Formatting seems wrong for EncryptedKey
PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred.

Protocol: ws-sp
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18837/ws-securitypolicy-1.2-spec-ed-01-r07.pdf

Artifact: spec

Type: design

Title: Rules for strict format of security element seem incorrect in the case of encrypted key used with Asymmetric Key.

It is my understanding that for every encryption, there will either be a ReferenceList (for Symmetric) or an EncryptedKey (for Asymmetric). However, the rules seem to require a top level ReferenceList even when an EncryptedKey is present. This causes implementation problems, especially for WSS 1.0.

Description:

Section 6.7.1 (lines 1528-1536) says:

----
4. If there are any encrypted elements in the message then a top level xenc:ReferenceList element MUST be present in the security header. The xenc:ReferenceList MUST occur before any xenc:EncryptedData elements in the security header that are referenced from the reference list. However, the xenc:ReferenceList is not required to appear before independently encrypted tokens such as the xenc:EncryptedKey token as defined in WSS.

5. An xenc:EncryptedKey element without an internal reference list [WSS: SOAP Message Security 1.1] MUST obey rule (1). An xenc:EncryptedKey element with an internal reference list MUST additionally obey rule (4).
----

But my understanding is that you use either an EncryptedKey or a ReferenceList, but not both. If this is not a simple error, but intentional, I will provide information about implementation difficulties.

Related issues:

Proposed Resolution:

Change #4 to say ReferenceList or Encrypted Key.

Hal
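
Added illustration, not part of the original message or of the specification: a small checker that applies rule (4) as quoted above to an asymmetric-key message whose xenc:EncryptedKey carries its own internal reference list, and then applies one reading of the proposed resolution. The names check_rule4 and accept_encrypted_key, the abbreviated sample envelope, and the interpretation that a top-level EncryptedKey satisfies the amended rule are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed, abbreviated sample: EncryptedKey with an internal ReferenceList.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <s:Header><wsse:Security>
  <xenc:EncryptedKey Id="ek1">
   <xenc:ReferenceList><xenc:DataReference URI="#body1"/></xenc:ReferenceList>
  </xenc:EncryptedKey>
 </wsse:Security></s:Header>
 <s:Body><xenc:EncryptedData Id="body1"/></s:Body>
</s:Envelope>"""

def q(ns, name):
    return "{%s}%s" % (ns, name)

def check_rule4(envelope_xml, accept_encrypted_key=False):
    """Return a list of rule (4) violations for one SOAP envelope.

    accept_encrypted_key=False: rule (4) as quoted from section 6.7.1.
    accept_encrypted_key=True: assumed reading of the proposed resolution,
    where a top-level xenc:EncryptedKey also satisfies the rule.
    """
    root = ET.fromstring(envelope_xml)
    header = root.find(".//" + q(WSSE, "Security"))
    if root.find(".//" + q(XENC, "EncryptedData")) is None:
        return []  # nothing encrypted, rule (4) does not apply
    if header is None:
        return ["encrypted content but no wsse:Security header"]
    top = list(header)  # direct children only, i.e. "top level"
    problems = []
    ref_lists = [i for i, el in enumerate(top) if el.tag == q(XENC, "ReferenceList")]
    has_key = any(el.tag == q(XENC, "EncryptedKey") for el in top)
    if not ref_lists and not (accept_encrypted_key and has_key):
        problems.append("no top-level xenc:ReferenceList")
    # Ordering: a top-level list must precede header EncryptedData it references.
    for i in ref_lists:
        refs = {d.get("URI", "").lstrip("#") for d in top[i].iter(q(XENC, "DataReference"))}
        for el in top[:i]:
            if el.tag == q(XENC, "EncryptedData") and el.get("Id") in refs:
                problems.append("EncryptedData %s precedes its ReferenceList" % el.get("Id"))
    return problems
```

With the rule as quoted, the sample is rejected for lacking a top-level reference list even though every encrypted element is already referenced from inside the EncryptedKey; with accept_encrypted_key=True it passes.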