Subject: NEW Issue: no way to specify the policies for renew and cancel
PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list
when that has occurred.

Protocol: ws-sp
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.pdf

Artifact: spec

Type: design

Title: No way to specify the policies for WS-SecureConversation renew
and cancel

Description:
WS-SecurityPolicy currently allows defining the WS-SecureConversation
bootstrap policy, but there is no way to specify the policies for renew and
cancel. WS-Trust and WS-SecureConversation don't talk about how to agree on
policy for this either (they just talk about some general requirements for such
a policy). The following proposal is intended to start discussion on a solution
that would eliminate the need for out-of-band agreements.

Proposed Resolution:
Add the following to the chapter "5.4.7 SecureConversationToken
Assertion" of WS-SecurityPolicy (additions in bold):

<sp:SecureConversationToken
sp:IncludeToken="xs:anyURI"?
xmlns:sp="..." ... >
<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>
|
<sp:IssuerName>xs:anyURI</sp:IssuerName> ) ?
<sp:MustNotSendCancel ... /> ?
<sp:MustNotSendAmend ... /> ?
<sp:MustNotSendRenew ... /> ?
<sp:RenewPolicy ... >
<sp:CancelPolicy ... >
<sp:AmendPolicy ... >

/sp:SecureConversationToken/wsp:Policy/sp:BootstrapPolicy
This optional element is a policy assertion that contains
the policy indicating the requirements for obtaining the Security Context
Token.

/sp:SecureConversationToken/wsp:Policy/sp:BootstrapPolicy/wsp:Policy
This element contains the security binding requirements for
obtaining the Security Context Token. It will typically contain a security
binding assertion (e.g. sp:SymmetricBinding) along with protection assertions
(e.g. sp:SignedParts) describing the parts of the RST/RSTR messages that are to
be protected.

/sp:SecureConversationToken/wsp:Policy/sp:RenewPolicy
This optional element is a policy assertion
that contains the policy indicating the requirements for renewing the Security
Context Token.

/sp:SecureConversationToken/wsp:Policy/sp:RenewPolicy/wsp:Policy
This element contains the security binding
requirements for renewing the Security Context Token. It will typically contain
a security binding assertion (e.g. sp:SymmetricBinding) along with protection
assertions (e.g. sp:SignedParts) describing the parts of the RST/RSTR messages
that are to be protected.

/sp:SecureConversationToken/wsp:Policy/sp:CancelPolicy
This optional element is a policy assertion
that contains the policy indicating the requirements for cancelling the
Security Context Token.

/sp:SecureConversationToken/wsp:Policy/sp:CancelPolicy/wsp:Policy
This element contains the security binding
requirements for cancelling the Security Context Token. It will typically
contain a security binding assertion (e.g. sp:SymmetricBinding) along with
protection assertions (e.g. sp:SignedParts) describing the parts of the
RST/RSTR messages that are to be protected.

/sp:SecureConversationToken/wsp:Policy/sp:AmendPolicy
This optional element is a policy assertion
that contains the policy indicating the requirements for amending the Security
Context Token.

/sp:SecureConversationToken/wsp:Policy/sp:AmendPolicy/wsp:Policy
This element contains the security binding
requirements for amending the Security Context Token. It will typically contain
a security binding assertion (e.g. sp:SymmetricBinding) along with protection assertions
(e.g. sp:SignedParts) describing the parts of the RST/RSTR messages that are to
be protected.
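
The gap this issue describes can be checked mechanically. The following is an added example, not part of the original message or of any OASIS artifact: it reads an sp:SecureConversationToken assertion and reports, for renew, cancel and amend, whether the operation is forbidden, covered by one of the proposed policy elements, or left to out-of-band agreement. The sample document is constructed, the function names are hypothetical, and sp:RenewPolicy, sp:CancelPolicy and sp:AmendPolicy are the elements proposed above, not part of the published WS-SecurityPolicy 1.2 schema.

```python
import xml.etree.ElementTree as ET

NS = {
    "sp": "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
}
OPERATIONS = ("Renew", "Cancel", "Amend")

# Constructed sample: Renew carries the proposed sp:RenewPolicy, Cancel is
# forbidden, Amend is permitted but no policy for it is stated anywhere.
SAMPLE = """
<sp:SecureConversationToken xmlns:sp="{sp}" xmlns:wsp="{wsp}">
  <wsp:Policy>
    <sp:MustNotSendCancel/>
    <sp:BootstrapPolicy>
      <wsp:Policy><sp:SymmetricBinding/><sp:SignedParts/></wsp:Policy>
    </sp:BootstrapPolicy>
    <sp:RenewPolicy>
      <wsp:Policy><sp:SymmetricBinding/><sp:SignedParts/></wsp:Policy>
    </sp:RenewPolicy>
  </wsp:Policy>
</sp:SecureConversationToken>
""".format(**NS)


def nested_assertions(policy, name):
    """Local names of the assertions under <sp:name>/<wsp:Policy>, or None."""
    inner = policy.find(f"sp:{name}/wsp:Policy", NS)
    if inner is None:
        return None
    return [child.tag.split("}", 1)[1] for child in inner]


def audit_sct(xml_text):
    """Classify how each SCT operation's requirements are specified."""
    token = ET.fromstring(xml_text)
    policy = token.find("wsp:Policy", NS)
    if policy is None:
        raise ValueError("sp:SecureConversationToken has no wsp:Policy child")
    report = {"Bootstrap": nested_assertions(policy, "BootstrapPolicy")}
    for op in OPERATIONS:
        if policy.find(f"sp:MustNotSend{op}", NS) is not None:
            report[op] = "forbidden"
        else:
            found = nested_assertions(policy, f"{op}Policy")
            report[op] = found if found is not None else "out-of-band"
    return report

print(audit_sct(SAMPLE))
```

An operation reported as "out-of-band" is one the token permits but whose RST/RSTR protection requirements the policy does not state.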