W3C home > Mailing lists > Public > www-ws@w3.org > April 2007

Help: Question on TransportBinding assertion in WS-SecurityPolicy

From: Yuquan Tracy Jiang \(jiangy\) <jiangy@cisco.com>
Date: Mon, 23 Apr 2007 17:14:31 -0700
Message-ID: <43F339CB2F4C8E4DA0AC53BFA69B0DD5038E0EA7@xmb-sjc-226.amer.cisco.com>
To: <www-ws@w3.org>
I have a question regarding the TransportBinding assertion in the
ecuritypolicy-1.0.pdf> ). 
The spec defienes the TransportBinding Assertion (Section 7.3) to have
the following format: 
<sp:TransportBinding ... >


<sp:TransportToken ... >

<wsp:Policy> ... </wsp:Policy>



<sp:AlgorithmSuite ... > ... </sp:AlgorithmSuite>

<sp:Layout ... > ... </sp:Layout> ?

<sp:IncludeTimestamp ... /> ?






I am really confused by the meaning of the nested policies, including
sp:AlgorithmSuite, sp:Layout, sp:IncludeTimestamp. 


Looks to me only the TransportToken is relavent to the transport level
security, eg, https. When other nested policies are present together
with HttpsToken, 

are they really relating to each other, or only the https token is
related to tranport level security, and the rest of the nested policies,
although included

in the TransportBinding policy, are actually used to control message
level security? 


The most confusing part is the AlgorithmSuite policy. When it is used
together with HttpsToken in the TransportBinding policy, is it used to
control the ciphersuites

to be used in SSL negotiation? Or it has nothing to do with SSL
negotiation and only used to control the XML crypto operations on the
message level? 


Can someone share a right understanding on this? 


Thanks in advance!


Received on Tuesday, 24 April 2007 06:49:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:37:15 UTC