ws-secureconversation-1.3-os

1 March 2007. Copyright OASIS 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply. Page 1 of 40

WS-SecureConversation 1.3

OASIS Standard
1 March 2007

Artifact Identifier: ws-secureconversation-1.3-os

Location:

This Version:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.doc
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.pdf
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html

Previous Version:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-spec-cs-01.doc
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-spec-cs-01.pdf
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-spec-cs-01.html

Latest Version:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.3/ws-secureconversation.doc
http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.3/ws-secureconversation.pdf
http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.3/ws-secureconversation.html

Technical Committee:
OASIS Web Services Secure Exchange TC

Chair(s):
Kelvin Lawrence, IBM
Chris Kaler, Microsoft

Editor(s):
Anthony Nadalin, IBM
Marc Goodner, Microsoft
Martin Gudgin, Microsoft
Abbie Barbir, Nortel
Hans Granqvist, VeriSign

Related work:
NA

Declared XML namespace(s):
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512

Abstract:
This specification defines extensions that build on [WS-Security] to provide a framework for requesting and issuing security tokens, and to broker trust relationships.
Status:
This document was last revised or approved by the WS-SX TC on the above date. The level of approval is also listed above. Check the current location noted above for possible later revisions of this document. This document is updated periodically on no particular schedule.

Technical Committee members should send comments on this specification to the Technical Committee's email list. Others should send comments to the Technical Committee by using the "Send A Comment" button on the Technical Committee's web page at http://www.oasis-open.org/committees/ws-sx.

For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasis-open.org/committees/ws-sx/ipr.php).

The non-normative errata page for this specification is located at http://www.oasis-open.org/committees/ws-sx.
Notices

Copyright OASIS 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply.

All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this section are included on all such copies and derivative works. However, this document itself may not be modified in any way, including by removing the copyright notice or references to OASIS, except as needed for the purpose of developing any document or deliverable produced by an OASIS Technical Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

OASIS requests that any OASIS Party or any other party that believes it has patent claims that would necessarily be infringed by implementations of this OASIS Committee Specification or OASIS Standard, to notify OASIS TC Administrator and provide an indication of its willingness to grant patent licenses to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification.

OASIS invites any party to contact the OASIS TC Administrator if it is aware of a claim of ownership of any patent claims that would necessarily be infringed by implementations of this specification by a patent holder that is not willing to provide a license to such patent claims in a manner consistent with the IPR Mode of the OASIS Technical Committee that produced this specification. OASIS may include such claims on its website, but disclaims any obligation to do so.

OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS' procedures with respect to rights in any document or deliverable produced by an OASIS Technical Committee can be found on the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this OASIS Committee Specification or OASIS Standard, can be obtained from the OASIS TC Administrator. OASIS makes no representation that any information or list of intellectual property rights will at any time be complete, or that any claims in such list are, in fact, Essential Claims.

The name "OASIS" is a trademark of OASIS, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see http://www.oasis-open.org/who/trademark.php for above guidance.
Table of Contents

1 Introduction ... 5
  1.1 Goals and Non-Goals ... 5
  1.2 Requirements ... 5
  1.3 Namespace ... 5
  1.4 Schema File ... 6
  1.5 Terminology ... 6
    1.5.1 Notational Conventions ... 7
  1.6 Normative References ... 8
  1.7 Non-Normative References ... 9
2 Security Context Token (SCT) ... 10
3 Establishing Security Contexts ... 13
  3.1 SCT Binding of WS-Trust ... 14
  3.2 SCT Request Example without Target Scope ... 14
  3.3 SCT Request Example with Target Scope ... 15
  3.4 SCT Propagation Example ... 17
4 Amending Contexts ... 18
5 Renewing Contexts ... 20
6 Canceling Contexts ... 22
7 Deriving Keys ... 24
  7.1 Syntax ... 25
  7.2 Examples ... 27
  7.3 Implied Derived Keys ... 28
8 Associating a Security Context ... 30
9 Error Handling ... 32
10 Security Considerations ... 33
A. Sample Usages ... 34
  A.1 Anonymous SCT ... 34
  A.2 Mutual Authentication SCT ... 35
B. Token Discovery Using RST/RSTR ... 36
C. Acknowledgements ... 37
1 Introduction

The mechanisms defined in [WS-Security] provide the basic mechanisms on top of which secure messaging semantics can be defined for multiple message exchanges. This specification defines extensions to allow security context establishment and sharing, and session key derivation. This allows contexts to be established and potentially more efficient keys or new key material to be exchanged, thereby increasing the overall performance and security of the subsequent exchanges.

The [WS-Security] specification focuses on the message authentication model. This approach, while useful in many situations, is subject to several forms of attack (see the Security Considerations section of the [WS-Security] specification).

Accordingly, this specification introduces a security context and its usage. The context authentication model authenticates a series of messages, thereby addressing these shortcomings, but requires additional communications if authentication happens prior to normal application exchanges.

The security context is defined as a new [WS-Security] token type that is obtained using a binding of [WS-Trust].

Compliant services are NOT REQUIRED to implement everything defined in this specification. However, if a service implements an aspect of the specification, it MUST comply with the requirements specified (e.g. related "MUST" statements).

1.1 Goals and Non-Goals

The primary goals of this specification are:
- Define how security contexts are established
- Describe how security contexts are amended
- Specify how derived keys are computed and passed

It is not a goal of this specification to define how trust is established or determined.

This specification is intended to provide a flexible set of mechanisms that can be used to support a range of security protocols. Some protocols may require separate mechanisms or restricted profiles of this specification.

1.2 Requirements

The following list identifies the key driving requirements:
- Derived keys and per-message keys
- Extensible security contexts

1.3 Namespace

The [URI] that MUST be used by implementations of this specification is:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512

Table 1 lists XML namespaces that are used in this specification. The choice of any namespace prefix is arbitrary and not semantically significant.
Table 1: Prefixes and XML Namespaces used in this specification.

Prefix | Namespace | Specification(s)
S11 | http://schemas.xmlsoap.org/soap/envelope/ | [SOAP]
S12 | http://www.w3.org/2003/05/soap-envelope | [SOAP12]
wsu | http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | [WS-Security]
wsse | http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd | [WS-Security]
wst | http://docs.oasis-open.org/ws-sx/ws-trust/200512 | [WS-Trust]
wsc | http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512 | This specification
wsa | http://www.w3.org/2005/08/addressing | [WS-Addressing]
ds | http://www.w3.org/2000/09/xmldsig# | [XML-Signature]
xenc | http://www.w3.org/2001/04/xmlenc# | [XML-Encrypt]

1.4 Schema File

The schema [XML-Schema1], [XML-Schema2] for this specification can be located at:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation.xsd

In this document, reference is made to the wsu:Id attribute in the utility schema. These were added to the utility schema with the intent that other specifications requiring such an ID or timestamp could reference it (as is done here).

1.5 Terminology

Claim – A claim is a statement made about a client, service or other resource (e.g. name, identity, key, group, privilege, capability, etc.).

Security Token – A security token represents a collection of claims.

Security Context – A security context is an abstract concept that refers to an established authentication state and negotiated key(s) that may have additional security-related properties.

Security Context Token – A security context token (SCT) is a wire representation of that security context abstract concept, which allows a context to be named by a URI and used with [WS-Security].

Signed Security Token – A signed security token is a security token that is asserted and cryptographically endorsed by a specific authority (e.g. an X.509 certificate or a Kerberos ticket).
Proof-of-Possession Token – A proof-of-possession (POP) token is a security token that contains secret data that can be used to demonstrate authorized use of an associated security token. Typically, although not exclusively, the proof-of-possession information is encrypted with a key known only to the recipient of the POP token.

Digest – A digest is a cryptographic checksum of an octet stream.

Signature – A signature [XML-Signature] is a value computed with a cryptographic algorithm and bound to data in such a way that intended recipients of the data can use the signature to verify that the data has not been altered and/or has originated from the signer of the message, providing message integrity and authentication. The signature can be computed and verified with symmetric key algorithms, where the same key is used for signing and verifying, or with asymmetric key algorithms, where different keys are used for signing and verifying (a private and public key pair are used).

Security Token Service – A security token service (STS) is a Web service that issues security tokens (see [WS-Security]). That is, it makes assertions based on evidence that it trusts, to whoever trusts it (or to specific recipients). To communicate trust, a service requires proof, such as a signature, to prove knowledge of a security token or set of security tokens. A service itself can generate tokens or it can rely on a separate STS to issue a security token with its own trust statement (note that for some security token formats this can just be a re-issuance or co-signature). This forms the basis of trust brokering.

Request Security Token (RST) – An RST is a message sent to a security token service to request a security token.

Request Security Token Response (RSTR) – An RSTR is a response to a request for a security token. In many cases this is a direct response from a security token service to a requestor after receiving an RST message. However, in multi-exchange scenarios the requestor and security token service may exchange multiple RSTR messages before the security token service issues a final RSTR message. One or more RSTRs are contained within a single Request Security Token Response Collection (RSTRC).

1.5.1 Notational Conventions

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

Namespace URIs of the general form "some-URI" represent some application-dependent or context-dependent URI as defined in [URI].

This specification uses the following syntax to define outlines for messages:
- The syntax appears as an XML instance, but values in italics indicate data types instead of literal values.
- Characters are appended to elements and attributes to indicate cardinality:
  o "?" (0 or 1)
  o "*" (0 or more)
  o "+" (1 or more)
- The character "|" is used to indicate a choice between alternatives.
- The characters "(" and ")" are used to indicate that contained items are to be treated as a group with respect to cardinality or choice.
- The characters "[" and "]" are used to call out references and property names.
- Ellipses (i.e. "...") indicate points of extensibility. Additional children and/or attributes MAY be added at the indicated extension points but MUST NOT contradict the semantics of the parent and/or owner, respectively. By default, if a receiver does not recognize an extension, the receiver SHOULD ignore the extension; exceptions to this processing rule, if any, are clearly indicated below.
- XML namespace prefixes (see Table 1) are used to indicate the namespace of the element being defined.

Elements and Attributes defined by this specification are referred to in the text of this document using XPath 1.0 expressions. Extensibility points are referred to using an extended version of this syntax:
- An element extensibility point is referred to using {any} in place of the element name. This indicates that any element name can be used, from any namespace other than the namespace of this specification.
- An attribute extensibility point is referred to using @{any} in place of the attribute name. This indicates that any attribute name can be used, from any namespace other than the namespace of this specification.

In this document reference is made to the wsu:Id attribute and the wsu:Created and wsu:Expires elements in a utility schema (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd). The wsu:Id attribute and the wsu:Created and wsu:Expires elements were added to the utility schema with the intent that other specifications requiring such an ID type attribute or timestamp element could reference it (as is done here).
1.6 Normative References

[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, Harvard University, March 1997.
  http://www.ietf.org/rfc/rfc2119.txt
[RFC2246] IETF Standard, "The TLS Protocol", January 1999.
  http://www.ietf.org/rfc/rfc2246.txt
[SOAP] W3C Note, "SOAP: Simple Object Access Protocol 1.1", 08 May 2000.
  http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
[SOAP12] W3C Recommendation, "SOAP 1.2 Part 1: Messaging Framework", 24 June 2003.
  http://www.w3.org/TR/2003/REC-soap12-part1-20030624/
[URI] T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 3986, MIT/LCS, Day Software, Adobe Systems, January 2005.
  http://www.ietf.org/rfc/rfc3986.txt
[WS-Addressing] W3C Recommendation, "Web Services Addressing (WS-Addressing)", 9 May 2006.
  http://www.w3.org/TR/2006/REC-ws-addr-core-20060509
[WS-Security] OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)", March 2004.
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
  OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", February 2006.
  http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
[WS-Trust] OASIS Committee Draft, "WS-Trust 1.3", September 2006.
  http://docs.oasis-open.org/ws-sx/ws-trust/200512
[XML-Encrypt] W3C Recommendation, "XML Encryption Syntax and Processing", 10 December 2002.
  http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
[XML-Schema1] W3C Recommendation, "XML Schema Part 1: Structures Second Edition", 28 October 2004.
  http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/
[XML-Schema2] W3C Recommendation, "XML Schema Part 2: Datatypes Second Edition", 28 October 2004.
  http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/
[XML-Signature] W3C Recommendation, "XML-Signature Syntax and Processing", 12 February 2002.
  http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/

1.7 Non-Normative References

[WS-MEX] "Web Services Metadata Exchange (WS-MetadataExchange)", BEA, Computer Associates, IBM, Microsoft, SAP, Sun Microsystems, Inc., webMethods, September 2004.
[WS-Policy] W3C Member Submission, "Web Services Policy 1.2 - Framework", 25 April 2006.
  http://www.w3.org/Submission/2006/SUBM-WS-Policy-20060425/
[WS-PolicyAttachment] W3C Member Submission, "Web Services Policy 1.2 - Attachment", 25 April 2006.
  http://www.w3.org/Submission/2006/SUBM-WS-PolicyAttachment-20060425/
2 Security Context Token (SCT)

While message authentication is useful for simple or one-way messages, parties that wish to exchange multiple messages typically establish a security context in which to exchange multiple messages. A security context is shared among the communicating parties for the lifetime of a communications session.

In this specification, a security context is represented by the <wsc:SecurityContextToken> security token. In the [WS-Security] and [WS-Trust] framework, the following URI is used to represent the token type:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct

The Security Context Token does not support references to it using key identifiers or key names. All references MUST either use an ID (to a wsu:Id attribute) or a <wsse:Reference> to the <wsc:Identifier> element.

Once the context and secret have been established (authenticated), the mechanisms described in Deriving Keys can be used to compute derived keys for each key usage in the secure context.

The following illustration represents an overview of the syntax of the <wsc:SecurityContextToken> element. It should be noted that this token supports an open content model to allow context-specific data to be passed.

[Syntax outline of <wsc:SecurityContextToken>, original lines 193–197: the XML markup was lost in extraction; only the three "..." extensibility markers survive.]

The following describes elements and attributes used in a <wsc:SecurityContextToken> element.

/wsc:SecurityContextToken
    This element is a security token that describes a security context.

/wsc:SecurityContextToken/wsc:Identifier
    This required element identifies the security context using an absolute URI. Each security context URI MUST be unique to both the sender and recipient. It is RECOMMENDED that the value be globally unique in time and space.

/wsc:SecurityContextToken/wsc:Instance
    When contexts are renewed and given different keys it is necessary to identify the different key instances without revealing the actual key. When present this optional element contains a string that is unique for a given key value for this wsc:Identifier. The initial issuance need not contain a wsc:Instance element; however, all subsequent issuances with different keys MUST have a wsc:Instance element with a unique value.

/wsc:SecurityContextToken/@wsu:Id
    This optional attribute specifies a string label for this element.

/wsc:SecurityContextToken/@{any}
    This is an extensibility mechanism to allow additional attributes, based on schemas, to be added to the element.

/wsc:SecurityContextToken/{any}
    This is an extensibility mechanism to allow additional elements (arbitrary content) to be used.

The <wsc:SecurityContextToken> token elements MUST be preserved. That is, whatever elements are contained within the tag on creation MUST be preserved wherever the token is used. A consumer of a <wsc:SecurityContextToken> token MAY extend the token by appending information. Consequently producers of <wsc:SecurityContextToken> tokens should consider this fact when processing previously generated tokens. A service consuming (processing) a <wsc:SecurityContextToken> token MAY fault if it discovers an element or attribute inside the token that it doesn't understand, or it MAY ignore it. The fault code wsc:UnsupportedContextToken is RECOMMENDED if a fault is raised. The behavior is specified by the service's policy [WS-Policy] [WS-PolicyAttachment]. Care should be taken when adding information to tokens to ensure that relying parties can ensure the information has not been altered, since the SCT definition does not require a specific way to secure its contents (which as noted above can be appended to).

Security contexts, like all security tokens, can be referenced using the mechanisms described in [WS-Security] (the <wsse:SecurityTokenReference> element referencing the wsu:Id attribute relative to the XML base document or referencing using the <wsc:Identifier> element's absolute URI). When a token is referenced, the associated key is used. If a token provides multiple keys then specific bindings and profiles must describe how to reference the separate keys. If a specific key instance needs to be referenced, then the global attribute wsc:Instance is included in the <wsse:Reference> sub-element (only when using <wsc:Identifier> references) of the <wsse:SecurityTokenReference> element as illustrated below:

[Illustration, original lines 240–243: the XML markup was lost in extraction.]

The following sample message illustrates the use of a security context token. In this example a context has been established and the secret is known to both parties. This secret is used to sign the message body.

[Sample message, lines (001)–(022): the XML markup was lost in extraction. Surviving fragments: line (004) "...", line (007) "uuid:...", line (010) "...", line (020) "QQQ".]

Let's review some of the key sections of this example:

Lines (003)-(018) contain the SOAP message headers.

Lines (005)-(017) represent the <wsse:Security> header block. This contains the security-related information for the message.

Lines (006)-(008) specify a security token that is associated with the message. In this case it is a security context token. Line (007) specifies the unique ID of the context.

Lines (009)-(016) specify the digital signature. In this example, the signature is based on the security context (specifically the secret/key associated with the context). Line (010) represents the typical contents of an XML Digital Signature which, in this case, references the body and potentially some of the other headers expressed by line (004).

Lines (012)-(014) indicate the key that was used for the signature. In this case, it is the security context token included in the message. Line (013) provides a URI link to the security context token specified in Lines (006)-(008).

The body of the message is represented by lines (019)-(021).
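The element rules of this section (a required absolute-URI wsc:Identifier, an optional wsc:Instance, references only by wsu:Id or by the wsc:Identifier URI, and open content that a consumer either faults on with wsc:UnsupportedContextToken or ignores) are easy to get wrong in a receiver. The following Python is an added example, not code from the specification or the OASIS TC. The SOAP message it parses is constructed to follow the layout the review above describes (token in wsse:Security, signature KeyInfo pointing at it); it is not the specification's sample, whose markup is not on this page. The `fault_on_unknown` switch stands in for the policy decision the text leaves to [WS-Policy]; the identifier value and wsu:Id labels are constructed.

```python
"""Checks for a wsc:SecurityContextToken and the references to it, following
the rules of section 2 of WS-SecureConversation 1.3. Added example; the SOAP
message below is constructed and is not the specification's sample."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespaces taken from Table 1 of the specification.
NS = {
    "S11": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsc": "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
UNSUPPORTED_FAULT = "wsc:UnsupportedContextToken"  # fault code RECOMMENDED by section 2


def q(prefix, local):
    """Clark-notation name for an element or attribute in one of the Table 1 namespaces."""
    return "{%s}%s" % (NS[prefix], local)


# Constructed message laid out like the spec's sample: the SCT sits in the
# wsse:Security header and the signature's KeyInfo points at it by wsu:Id.
SAMPLE_MESSAGE = """<S11:Envelope xmlns:S11="%(S11)s" xmlns:wsse="%(wsse)s"
    xmlns:wsu="%(wsu)s" xmlns:wsc="%(wsc)s" xmlns:ds="%(ds)s">
  <S11:Header>
    <wsse:Security>
      <wsc:SecurityContextToken wsu:Id="MyID">
        <wsc:Identifier>uuid:constructed-example-context</wsc:Identifier>
      </wsc:SecurityContextToken>
      <ds:Signature>
        <ds:SignedInfo/><ds:SignatureValue/>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#MyID"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </S11:Header>
  <S11:Body wsu:Id="MsgBody">QQQ</S11:Body>
</S11:Envelope>""" % NS


def validate_sct(sct, fault_on_unknown):
    """Apply the element rules: wsc:Identifier required and an absolute URI,
    wsc:Instance optional, anything else is open content that policy says to
    fault on or to ignore. Returns (ok, identifier_or_error)."""
    ident = sct.find(q("wsc", "Identifier"))
    if ident is None or not (ident.text or "").strip():
        return False, "wsc:Identifier is required"
    uri = ident.text.strip()
    if not urlparse(uri).scheme:
        return False, "wsc:Identifier must be an absolute URI"
    for child in sct:
        if child.tag not in (q("wsc", "Identifier"), q("wsc", "Instance")) and fault_on_unknown:
            return False, UNSUPPORTED_FAULT
    return True, uri


def resolve_sct_reference(str_elem, by_id, by_uri):
    """Resolve a wsse:SecurityTokenReference to an SCT. Only wsse:Reference
    by wsu:Id ("#id") or by the wsc:Identifier URI is allowed; KeyIdentifier
    and KeyName references are rejected, as section 2 requires."""
    if str_elem.find(q("wsse", "KeyIdentifier")) is not None or str_elem.find(q("ds", "KeyName")) is not None:
        return None, "SCT does not support KeyIdentifier/KeyName references"
    ref = str_elem.find(q("wsse", "Reference"))
    if ref is None:
        return None, "no wsse:Reference in SecurityTokenReference"
    uri = ref.get("URI", "")
    instance = ref.get(q("wsc", "Instance"))  # optional key-instance selector
    token = by_id.get(uri[1:]) if uri.startswith("#") else by_uri.get(uri)
    if token is None:
        return None, "unresolved reference %s" % uri
    return (token, instance), "ok"


def check_message(xml_text, fault_on_unknown=True):
    """Collect the SCTs in wsse:Security, validate them and resolve every
    signature's key reference. Returns a summary dict for the caller."""
    root = ET.fromstring(xml_text)
    security = root.find("./S11:Header/wsse:Security", NS)
    by_id, by_uri, errors, resolved = {}, {}, [], []
    for sct in security.findall(q("wsc", "SecurityContextToken")):
        ok, info = validate_sct(sct, fault_on_unknown)
        if not ok:
            errors.append(info)
            continue
        by_uri[info] = sct
        if sct.get(q("wsu", "Id")):
            by_id[sct.get(q("wsu", "Id"))] = sct
    for sig in security.findall(q("ds", "Signature")):
        str_elem = sig.find("./ds:KeyInfo/wsse:SecurityTokenReference", NS)
        if str_elem is None:
            errors.append("signature without SecurityTokenReference")
            continue
        result, msg = resolve_sct_reference(str_elem, by_id, by_uri)
        if result is None:
            errors.append(msg)
        else:
            token, instance = result
            resolved.append((token.find(q("wsc", "Identifier")).text, instance))
    return {"contexts": sorted(by_uri), "resolved": resolved, "errors": errors}
```

Running `check_message(SAMPLE_MESSAGE)` resolves the signature to the context; swapping the wsse:Reference for a wsse:KeyIdentifier, making the identifier relative, or adding a foreign child element to the token each produces the corresponding error, the last one only when `fault_on_unknown` is set.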
3 Establishing Security Contexts

A security context needs to be created and shared by the communicating parties before being used. This specification defines three different ways of establishing a security context among the parties of a secure communication.

Security context token created by a security token service – The context initiator asks a security token service to create a new security context token. The newly created security context token is distributed to the parties through the mechanisms defined here and in [WS-Trust]. For this scenario the initiating party sends a <wst:RequestSecurityToken> request to the token service and a <wst:RequestSecurityTokenResponseCollection> containing a <wst:RequestSecurityTokenResponse> is returned. The response contains a <wst:RequestedSecurityToken> containing (or pointing to) the new security context token and a <wst:RequestedProofToken> pointing to the "secret" for the returned context. The requestor then uses the security context token (with [WS-Security]) when securing messages to applicable services.

Security context token created by one of the communicating parties and propagated with a message – The initiator creates a security context token and sends it to the other parties on a message using the mechanisms described in this specification and in [WS-Trust]. This model works when the sender is trusted to always create a new security context token. For this scenario the initiating party creates a security context token and issues a signed unsolicited <wst:RequestSecurityTokenResponse> to the other party. The message contains a <wst:RequestedSecurityToken> containing (or pointing to) the new security context token and a <wst:RequestedProofToken> pointing to the "secret" for the security context token. The recipient can then choose whether or not to accept the security context token. As described in [WS-Trust], the <wst:RequestSecurityTokenResponse> element MAY be in the <wst:RequestSecurityTokenResponseCollection> within a body or inside a header block. It should be noted that unless delegation tokens are used, this scenario requires that parties trust each other to share a secret key (and non-repudiation is probably not possible). As receipt of these messages may be expensive, and because a recipient may receive multiple messages, the …/wst:RequestSecurityTokenResponse/@Context attribute in [WS-Trust] allows the initiator to specify a URI to indicate the intended usage (allowing processing to be optimized).

Security context token created through negotiation/exchanges – When there is a need to negotiate or participate in a sequence of message exchanges among the participants on the contents of the security context token, such as the shared secret, this specification allows the parties to exchange data to establish a security context. For this scenario the initiating party sends a <wst:RequestSecurityToken> request to the other party and a <wst:RequestSecurityTokenResponse> is returned. It is RECOMMENDED that the framework described in [WS-Trust] be used; however, the type of exchange will likely vary. If appropriate, the basic challenge-response definition in [WS-Trust] is RECOMMENDED. Ultimately (if successful), a final response contains a <wst:RequestedSecurityToken> containing (or pointing to) the new security context and a <wst:RequestedProofToken> pointing to the "secret" for the context.

If an SCT is received, but the key sizes are not supported, then a fault SHOULD be generated using the wsc:UnsupportedContextToken fault code unless another more specific fault code is available.
3.1 SCT Binding of WS-Trust

This binding describes how to use [WS-Trust] to request and return SCTs. This binding builds on the issuance binding for [WS-Trust] (note that other sections of this specification define new separate bindings of [WS-Trust]). Consequently, aspects of the issuance binding apply to this binding unless otherwise stated. For example, the token request type is the same as in the issuance binding.

When requesting and returning security context tokens the following Action URIs [WS-Addressing] are used (note that a specialized action is used here because of the specialized semantics of SCTs):
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT

As with all token services, the options supported may be limited. This is especially true of SCTs because the issuer may only be able to issue tokens for itself and quite often will only support a specific set of algorithms and parameters as expressed in its policy.

SCTs are not required to have lifetime semantics. That is, some SCTs may have specific lifetimes and others may be bound to other resources rather than have their own lifetimes.

Since the SCT binding builds on the issuance binding, it allows the optional extensions defined for the issuance binding including the use of exchanges. Subsequent profiles MAY restrict the extensions and types and usage of exchanges.

3.2 SCT Request Example without Target Scope

The following illustrates a request for an SCT from a security token service. The request in this example contains no information concerning the Web Service with whom the requestor wants to communicate securely (e.g. using the wsp:AppliesTo parameter in the RST). In order for the security token service to process this request it must have prior knowledge of which Web Service the requestor needs a token for. This may be preconfigured although it is typically passed in the RST. In this example the key is encrypted for the recipient (security token service) using the token service's X.509 certificate as per XML Encryption [XML-Encrypt]. The encrypted data (using the encrypted key) contains a <wsse:UsernameToken> token that the recipient uses to authorize the request. The request is secured (integrity) using the X.509 certificate of the requestor. The response encrypts the proof information using the requestor's X.509 certificate and secures the message (integrity) using the token service's X.509 certificate. Note that the details of XML Signature and XML Encryption have been omitted; refer to [WS-Security] for additional details. It should be noted that if the requestor doesn't have an X.509 certificate this scenario could be achieved using a TLS [RFC2246] connection or by creating an ephemeral key.

[Request message, original lines 366–383: the XML markup was lost in extraction. Surviving fragments: the wsa:Action value http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT and the encrypted body content "... encrypted username token (whose id is myToken) ...".]
[Request message continued and response message, original lines 384–431: the XML markup was lost in extraction. Surviving fragments: the token type URI http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct, the request type URI http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue, the wsa:Action value http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT and a context identifier "uuid:...".]

3.3 SCT Request Example with Target Scope

There are scenarios where a security token service is used to broker trust using SCT tokens between requestors and Web Services endpoints. In these cases it is typical for requestors to identify the target Web Service in the RST.

In the example below the requestor uses the <wsp:AppliesTo> element with an endpoint reference as described in [WS-Trust] in the SCT request to indicate the Web Service the token is needed for.

In the request example below the <wst:TokenType> element is omitted. This requires that the security token service know what type of token the endpoint referenced in the <wsp:AppliesTo> element expects.

[Request and response messages, original lines 439–498: the XML markup was lost in extraction. Surviving fragments: the wsa:Action values http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT and http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT, the request type URI http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue, the target endpoint address http://example.org/webservice (present in both request and response) and a context identifier "uuid:...".]
3.4 SCT Propagation Example

The following illustrates propagating a context to another party. This example does not contain any information regarding the Web Service the SCT is intended for (e.g. using the wsp:AppliesTo parameter in the RST).

[Propagation message, original lines 502–522: the XML markup was lost in extraction; only a context identifier "uuid:..." survives.]
4 Amending Contexts

When an SCT is created, a set of claims is associated with it. There are times when an existing SCT needs to be amended to carry additional claims (note that the decision as to who is authorized to amend a context is a service-specific decision). This is done using the SCT Amend binding. In such cases an explicit request is made to amend the claims associated with an SCT. It should be noted that using the mechanisms described in [WS-Trust], an issuer MAY, at any time, return an amended SCT by issuing an unsolicited (not explicitly requested) SCT inside an RSTR (either as a separate message or in a header).

The following Action URIs are used with this binding:
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Amend
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Amend

This binding allows optional extensions but DOES NOT allow key semantics to be altered.

Proof of possession of the key associated with the security context MUST be proven in order for the context to be amended. It is RECOMMENDED that the proof of possession is done by creating a signature over the message body and key headers using the key associated with the security context.

Additional claims to amend the security context with MUST be indicated by providing signatures over the security context signature created using the key associated with the security context. Those additional signatures are used to prove additional security tokens that carry claims to augment the security context.

This binding uses the request type from the issuance binding.
[Example (spec lines 541-600; XML markup not reproduced): the Amend RST carries the action http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Amend and the request type http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue. Its security header contains the existing SCT ("uuid:...UUID1..."), the additional token #cust, a signature over the body and key headers using the context key #sct, and a second signature over that signature (#sig1) made with #cust to prove the additional claims. The RSTR carries the action http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Amend and returns the amended SCT with the same "uuid:...UUID1..." identifier.]

5 Renewing Contexts

When a security context is created it typically has an associated expiration. If a requestor desires to extend the duration of the token it uses this specialized binding of the renewal mechanism defined in WS-Trust.

The following Action URIs are used with this binding:
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Renew
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Renew

This binding allows optional extensions but DOES NOT allow key semantics to be altered.

A renewal MUST include re-authentication of the original claims because the original claims might have an expiration time that conflicts with the requested expiration time in the renewal request. Because the security context token issuer is not required to cache such information from the original issuance request, the requestor is required to re-authenticate the original claims in every renewal request. It is RECOMMENDED that the original claims re-authentication is done in the same way as in the original token issuance request.

Proof of possession of the key associated with the security context MUST be proven in order for the security context to be renewed. It is RECOMMENDED that this is done by creating the original claims signature over the signature that signs the message body and key headers.

During renewal, new key material MAY be exchanged. Such key material MUST NOT be protected using the existing session key.

This binding uses the request type from the renewal binding.

The following example illustrates a renewal which re-proves the original claims.
[Example (spec lines 621-682; XML markup not reproduced): the Renew RST carries the action http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Renew and the request type http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew. Its security header contains the original-claims token #cust, a signature over the body and key headers using #cust, the SCT being renewed ("uuid:...UUID1..."), and a signature over that signature (#sig1) using the context key #sct. The RSTR carries the action http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Renew and returns the renewed SCT, identified by "uuid:...UUID1..." with an additional value "UUID2" in the renewed token.]

6 Canceling Contexts

It is not uncommon for a requestor to be done with a security context token before it expires. In such cases the requestor can explicitly cancel the security context using this specialized binding based on the WS-Trust Cancel binding.

The following Action URIs are used with this binding:
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel

Once a security context has been cancelled it MUST NOT be allowed for authentication or authorization or allow renewal.

Proof of possession of the key associated with the security context MUST be proven in order for the security context to be cancelled. It is RECOMMENDED that this is done by creating a signature over the message body and key headers using the key associated with the security context.

This binding uses the Cancel request type from WS-Trust.

As described in WS-Trust the RSTR cancel message is informational and the context is cancelled once the cancel RST is processed even if the cancel RSTR is never received by the requestor.

The following example illustrates canceling a context.
[Example (spec lines 703-751; XML markup not reproduced): the Cancel RST carries the action http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel and the request type http://docs.oasis-open.org/ws-sx/ws-trust/200512/Cancel. Its security header contains the SCT being cancelled ("uuid:...UUID1...") and a signature over the body and key headers using the context key #sct. The RSTR carries the action http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel and confirms the cancellation.]

7 Deriving Keys

A security context token implies or contains a shared secret. This secret MAY be used for signing and/or encrypting messages, but it is RECOMMENDED that derived keys be used for signing and encrypting messages associated only with the security context.

Using a common secret, parties may define different key derivations to use. For example, four keys may be derived so that two parties can sign and encrypt using separate keys. In order to keep the keys fresh (prevent providing too much data for analysis), subsequent derivations may be used. We introduce the <wsc:DerivedKeyToken> token as a mechanism for indicating which derivation is being used within a given message.

The derived key mechanism can use different algorithms for deriving keys. The algorithm is expressed using a URI. This specification defines one such algorithm.

As well, while presented here using security context tokens, the <wsc:DerivedKeyToken> token can be used to derive keys from any security token that has a shared secret, key, or key material.

We use a subset of the mechanism defined for TLS in RFC 2246. Specifically, we use the P_SHA-1 function to generate a sequence of bytes that can be used to generate security keys. We refer to this algorithm as:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1

This function is used with three values: secret, label, and seed. The secret is the shared secret that is exchanged (note that if two secrets were securely exchanged, possibly as part of an initial exchange, they are concatenated in the order they were sent/received). Secrets are processed as octets representing their binary value (value prior to encoding). The label is the concatenation of the client's label and the service's label. These labels can be discovered in each party's policy (or specifically within a <wsc:DerivedKeyToken> token). Labels are processed as UTF-8 encoded octets. If either isn't specified in the policy, then a default value of "WS-SecureConversation" (represented as UTF-8 octets) is used. The seed is the concatenation of the nonce values (if multiple were exchanged) that were exchanged (initiator + receiver). The nonce is processed as a binary octet sequence (the value prior to base64 encoding). The nonce seed is required, and MUST be generated by one or more of the communicating parties. The P_SHA-1 function has two parameters: secret and value. We concatenate the label and the seed to create the value. That is:
P_SHA1(secret, label + seed)

At this point, both parties can use the P_SHA-1 function to generate shared keys as needed. For this protocol, we don't define explicit derivation uses.

The <wsc:DerivedKeyToken> element is used to indicate that the key for a specific reference is generated from the function. This is so that explicit security tokens, secrets, or key material need not be exchanged as often, thereby increasing efficiency and overall scalability. However, parties MUST mutually agree on specific derivations (e.g. the first 128 bits is the client's signature key, the next 128 bits is the client's encryption key, and so on). The policy presents a method for specifying this information.

The RECOMMENDED approach is to use separate nonces and have independently generated keys for signing and encrypting in each direction. Furthermore, it is RECOMMENDED that new keys be derived for each message (i.e., previous nonces are not re-used).

Once the parties determine a shared secret to use as the basis of a key generation sequence, an initial key is generated using this sequence. When a new key is required, a new <wsc:DerivedKeyToken> may be passed referencing the previously generated key. The recipient then knows to use the sequence to generate a new key, which will match that specified in the security token. If both parties pre-agree on key sequencing, then additional token exchanges are not required.

For keys derived using a shared secret from a security context, the <wsse:SecurityTokenReference> element SHOULD be used to reference the <wsc:SecurityContextToken>. Basically, a signature or encryption references a <wsc:DerivedKeyToken> in the <wsse:Security> header that, in turn, references the <wsc:SecurityContextToken>.

Derived keys are expressed as security tokens. The following URI is used to represent the token type:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk

The derived key token does not support references using key identifiers or key names. All references MUST use an ID (to a wsu:Id attribute) or a URI reference to the <wsc:Identifier> element in the SCT.
7.1 Syntax

[Schema outline of <wsc:DerivedKeyToken> (spec lines 820-830; markup not reproduced). Its attributes and child elements are described below.]

The following describes the attributes and tags listed in the schema overview above:

/wsc:DerivedKeyToken
This specifies a key that is derived from a shared secret.

/wsc:DerivedKeyToken/@wsu:Id
This optional attribute specifies an XML ID that can be used locally to reference this element.

/wsc:DerivedKeyToken/@Algorithm
This optional URI attribute specifies the key derivation algorithm to use. This specification predefines the P_SHA1 algorithm described above. If this attribute isn't specified, this algorithm is assumed.

/wsc:DerivedKeyToken/wsse:SecurityTokenReference
This optional element is used to specify the security context token, security token, or shared key/secret used for the derivation. If not specified, it is assumed that the recipient can determine the shared key from the message context. If the context cannot be determined, then a fault such as wsc:UnknownDerivationSource should be raised.

/wsc:DerivedKeyToken/wsc:Properties
This optional element allows metadata to be associated with this derived key. For example, if the <wsc:Name> property is defined, this derived key is given a URI name that can then be used as the source for other derived keys. The <wsc:Nonce> and <wsc:Label> elements can be specified as properties and indicate the nonce and label to use (defaults) for all keys derived from this key.

/wsc:DerivedKeyToken/wsc:Properties/wsc:Name
This optional element is used to give this derived key a URI name that can then be used as the source for other derived keys.

/wsc:DerivedKeyToken/wsc:Properties/wsc:Label
This optional element defines a label to use for all keys derived from this key. See /wsc:DerivedKeyToken/wsc:Label defined below.

/wsc:DerivedKeyToken/wsc:Properties/wsc:Nonce
This optional element defines a nonce to use for all keys derived from this key. See /wsc:DerivedKeyToken/wsc:Nonce defined below.

/wsc:DerivedKeyToken/wsc:Properties/{any}
This is an extensibility mechanism to allow additional elements (arbitrary content) to be used.

/wsc:DerivedKeyToken/wsc:Generation
If fixed-size keys (generations) are being generated, then this optional element can be used to specify which generation of the key to use. The value of this element is an unsigned long value indicating the generation number to use (beginning with zero). This element MUST NOT be used if the <wsc:Offset> element is specified. Specifying this element is equivalent to specifying the <wsc:Offset> and <wsc:Length> elements having multiplied out the values. That is, offset = (generation) * fixed_size and length = fixed_size.

/wsc:DerivedKeyToken/wsc:Offset
If fixed-size keys are not being generated, then the <wsc:Offset> and <wsc:Length> elements indicate where in the byte stream to find the generated key. This specifies the ordering (in bytes) of the generated output. The value of this optional element is an unsigned long value indicating the byte position (starting at 0). For example, 0 indicates the first byte of output and 16 indicates the 17th byte of generated output. This element MUST NOT be used if the <wsc:Generation> element is specified. It should be noted that not all algorithms will support the <wsc:Offset> and <wsc:Length> elements.

/wsc:DerivedKeyToken/wsc:Length
This element specifies the length (in bytes) of the derived key. This optional element can be specified in conjunction with <wsc:Generation> or <wsc:Offset>. If this isn't specified, it is assumed that the recipient knows the key size to use. The value of this element is an unsigned long value indicating the size of the key in bytes (e.g., 16).

/wsc:DerivedKeyToken/wsc:Label
The label can be specified within a <wsc:DerivedKeyToken> using the wsc:Label element. If the label isn't specified then a default value of "WS-SecureConversationWS-SecureConversation" (represented as UTF-8 octets) is used. Labels are processed as UTF-8 encoded octets.

/wsc:DerivedKeyToken/wsc:Nonce
If specified, this optional element specifies a base64 encoded nonce that is used in the key derivation function for this derived key. If this isn't specified, it is assumed that the recipient knows the nonce to use. Note that once a nonce is used for a derivation sequence, the same nonce SHOULD be used for all subsequent derivations.

If additional information is not specified (such as explicit elements or policy), then the following defaults apply:
The offset is 0
The length is 32 bytes (256 bits)

It is RECOMMENDED that separate derived keys be used to strengthen the cryptography. If multiple keys are used, then care should be taken not to derive too many times and risk key attacks.
7.2 Examples

The following example illustrates a message sent using two derived keys, one for signing and one for encrypting:

[Example (spec lines 901-948; XML markup not reproduced): the security header carries a security context token ("uuid:...UUID2...") and two <wsc:DerivedKeyToken> elements, each with a <wsse:SecurityTokenReference> to a security context (the identifiers "uuid:...UUID2..." and "uuid:...UUID1..." appear) and a base64 <wsc:Nonce> ("KJHFRE..."). The encrypted data and the signature then reference the derived key tokens rather than the context itself.]

The following illustrates the syntax for a derived key based on the 3rd generation of the shared key identified in the specified security context:

[Example (spec lines 951-957): a <wsc:DerivedKeyToken> whose <wsse:SecurityTokenReference> points at the security context and whose <wsc:Generation> is 2.]

The following illustrates the syntax for a derived key based on the 1st generation of a key derived from an existing derived key (4th generation):

[Example (spec lines 960-975): a first <wsc:DerivedKeyToken> with <wsc:Generation> 3 is given the name ".../derivedKeySource" through <wsc:Properties>/<wsc:Name>, with <wsc:Label> "NewLabel" and <wsc:Nonce> "FHFE..." as properties; a second <wsc:DerivedKeyToken> references that name as its derivation source with <wsc:Generation> 0.]

In the example above we have named a derived key so that other keys can be derived from it. To do this we use the <wsc:Name> element tag to assign a global name attribute. Note that in this example, the ID attribute could have been used to name the base derived key if we didn't want it to be a globally named resource. We have also included the <wsc:Label> and <wsc:Nonce> elements as metadata properties indicating how to derive sequences of this derivation.

7.3 Implied Derived Keys

This specification also defines a shortcut mechanism for referencing certain types of derived keys. Specifically, a @wsc:Nonce attribute can also be added to the security token reference (STR) defined in the [WS-Security] specification. When present, it indicates that the key is not in the referenced token, but is a key derived from the referenced token's key/secret. The @wsc:Length attribute can be used in conjunction with @wsc:Nonce in the security token reference (STR) to indicate the length of the derived key. The value of this attribute is an unsigned long value indicating the size of the key in bytes. If this attribute isn't specified, the default derived key length value is 32.

Consequently, the following two illustrations are functionally equivalent:

[Example (spec lines 991-1022; XML markup not reproduced): the first form carries an explicit <wsc:DerivedKeyToken> that references the security context and supplies a nonce, and the signature's key information references that derived key token. The second form omits the derived key token and instead places the @wsc:Nonce attribute directly on the <wsse:SecurityTokenReference> in the signature's key information, referencing the security context itself.]
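The derivation described in this section (P_SHA-1 over label + nonce seed, sliced by <wsc:Generation> or <wsc:Offset>/<wsc:Length>, plus the implied @wsc:Nonce shortcut of 7.3) follows, as an added runnable Python example. This is not code from the specification or from any OASIS implementation: the shared secret and nonces are constructed sample values, and the function names (p_sha1, derive_key, implied_derived_key, directional_keys) are this example's own. The example goes slightly beyond the text by also producing the four per-direction keys the RECOMMENDED layout calls for.

```python
"""P_SHA-1 derived keys as denoted by a WS-SecureConversation <wsc:DerivedKeyToken>.

Added example, not code from the OASIS specification. Sample secret and nonces
below are constructed for illustration only.
"""
import base64
import hashlib
import hmac
from typing import Dict, Optional

P_SHA1_URI = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1"
DEFAULT_PARTY_LABEL = "WS-SecureConversation"   # per-party default when policy gives none
DEFAULT_LABEL = DEFAULT_PARTY_LABEL * 2          # client label + service label
DEFAULT_LENGTH = 32                              # octets, absent wsc:Length / @wsc:Length


def p_sha1(secret: bytes, value: bytes, length: int) -> bytes:
    """TLS 1.0 P_SHA-1 (RFC 2246 section 5) expanded to `length` octets.

    A(0) = value, A(i) = HMAC-SHA1(secret, A(i-1));
    output = HMAC-SHA1(secret, A(1) + value) || HMAC-SHA1(secret, A(2) + value) || ...
    """
    out = bytearray()
    a = value
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        out += hmac.new(secret, a + value, hashlib.sha1).digest()
    return bytes(out[:length])


def derive_key(secret: bytes, nonce: bytes, *, label: Optional[str] = None,
               generation: Optional[int] = None, offset: Optional[int] = None,
               length: Optional[int] = None) -> bytes:
    """Key denoted by a <wsc:DerivedKeyToken> over `secret` (the SCT's shared secret).

    `nonce` is the raw octets of wsc:Nonce (after base64 decoding) and is the seed;
    `label` is the full label (client label + service label). Either wsc:Generation
    (fixed-size keys) or wsc:Offset/wsc:Length selects the slice of the P_SHA-1
    output; the defaults are offset 0 and length 32.
    """
    if generation is not None and offset is not None:
        raise ValueError("wsc:Generation MUST NOT be used together with wsc:Offset")
    if length is None:
        length = DEFAULT_LENGTH
    if generation is not None:
        offset = generation * length           # offset = generation * fixed_size
    elif offset is None:
        offset = 0
    if label is None:
        label = DEFAULT_LABEL
    value = label.encode("utf-8") + nonce      # P_SHA1(secret, label + seed)
    stream = p_sha1(secret, value, offset + length)
    return stream[offset:offset + length]


def implied_derived_key(secret: bytes, str_nonce_b64: str,
                        str_length: Optional[int] = None) -> bytes:
    """Key denoted by @wsc:Nonce (and optional @wsc:Length) on a
    <wsse:SecurityTokenReference>: same derivation, offset 0, default label."""
    return derive_key(secret, base64.b64decode(str_nonce_b64), length=str_length)


def directional_keys(secret: bytes, nonces: Dict[str, bytes], key_len: int = 16) -> Dict[str, bytes]:
    """RECOMMENDED layout: an independent nonce, hence an independent key, for
    signing and for encrypting in each direction."""
    return {purpose: derive_key(secret, n, length=key_len) for purpose, n in nonces.items()}


# Constructed sample values (not from the specification).
SAMPLE_SECRET = bytes(range(1, 33))                       # 32-octet secret held by the SCT
SAMPLE_NONCE = bytes.fromhex("d8e1bf4aa1b86c0f6f5ae3a06c8d2a9b")
SAMPLE_NONCE_B64 = base64.b64encode(SAMPLE_NONCE).decode("ascii")
SAMPLE_DIRECTION_NONCES = {p: hashlib.sha1(p.encode()).digest()[:16]
                           for p in ("client_sign", "client_enc", "service_sign", "service_enc")}


def rejects_conflicting_slice() -> bool:
    """Generation and Offset together is a malformed token and must be refused."""
    try:
        derive_key(SAMPLE_SECRET, SAMPLE_NONCE, generation=1, offset=0)
    except ValueError:
        return True
    return False


def run_examples() -> dict:
    """Exercises the section 7 rules on the sample values and returns the outcomes."""
    return {
        # Generation 2 with 16-octet keys is the same slice as Offset 32, Length 16.
        "generation_equals_offset":
            derive_key(SAMPLE_SECRET, SAMPLE_NONCE, generation=2, length=16)
            == derive_key(SAMPLE_SECRET, SAMPLE_NONCE, offset=32, length=16),
        # The implied form (@wsc:Nonce on the STR) equals an explicit token with defaults.
        "implied_equals_explicit":
            implied_derived_key(SAMPLE_SECRET, SAMPLE_NONCE_B64)
            == derive_key(SAMPLE_SECRET, SAMPLE_NONCE),
        # A different wsc:Label (e.g. "NewLabel") yields a different key.
        "label_changes_key":
            derive_key(SAMPLE_SECRET, SAMPLE_NONCE, label="NewLabel")
            != derive_key(SAMPLE_SECRET, SAMPLE_NONCE),
        "default_length": len(derive_key(SAMPLE_SECRET, SAMPLE_NONCE)),
        "distinct_directional_keys":
            len(set(directional_keys(SAMPLE_SECRET, SAMPLE_DIRECTION_NONCES).values())),
        "rejects_conflicting_slice": rejects_conflicting_slice(),
    }
```

The specification publishes no test vectors, so the checks compare the equivalences the text itself asserts (Generation versus Offset/Length, implied versus explicit token). In practice both parties must agree on the label (their two policy labels concatenated) and on the nonce octets before base64 encoding; a mismatch in either silently produces different keys and surfaces only as a failed signature or undecryptable body.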
8 Associating a Security Context

For a variety of reasons it may be necessary to reference a Security Context Token. These references can be broken into two general categories: references from within the <wsse:Security> element, generally used to indicate the key used in a signature or encryption operation, and references from other parts of the SOAP envelope, for example to specify a token to be used in some particular way.

References within the <wsse:Security> element can further be divided into references to an SCT found within the message and references to an SCT not present in the message.

The SecurityContextToken does not support references to it using key identifiers or key names. All references MUST either use an ID (to a wsu:Id attribute) or a <wsse:SecurityTokenReference> to the <wsc:Identifier> element.

References using an ID are message-specific. References using the <wsc:Identifier> element value are message independent.

If the SCT is referenced from within the <wsse:Security> element or from an RST or RSTR, it is RECOMMENDED that these references be message independent, but these references MAY be message-specific. A reference from the RST/RSTR is treated differently than other references from the SOAP Body as the RST/RSTR is exclusively dealing with security related information, similar to the <wsse:Security> element.

When an SCT located in the <wsse:Security> element is referenced from outside the <wsse:Security> element, a message independent referencing mechanism MUST be used, to enable a cleanly layered processing model, unless there is a prior agreement between the involved parties to use a message-specific referencing mechanism.

When an SCT is referenced from within the <wsse:Security> element, but the SCT is not present in the message (presumably because it was transmitted in a previous message), a message independent referencing mechanism MUST be used.

The following example illustrates associating a specific security context with an action.

[Example (spec lines 1054-1082; XML markup not reproduced): the <wsse:Security> header carries two security context tokens, "uuid:...UUID1..." (#sct1) and "uuid:...UUID2..." (#sct2), each followed by a signature over the body and key headers using that context's key; the body then refers to one of these contexts.]
9 Error Handling

There are many circumstances where an error can occur while processing security information. Errors use the SOAP Fault mechanism. Note that the reason text provided below is RECOMMENDED, but alternative text MAY be provided if more descriptive or preferred by the implementation. The tables below are defined in terms of SOAP 1.1. For SOAP 1.2, the Fault/Code/Value is env:Sender (as defined in SOAP 1.2), the Fault/Code/Subcode/Value is the fault code below and the Fault/Reason/Text is the fault string below. It should be noted that profiles MAY provide second-level details fields, but they should be careful not to introduce security vulnerabilities when doing so (e.g. by providing too detailed information).

Error that occurred (faultstring)                                 Fault code (faultcode)
The requested context elements are insufficient or unsupported.   wsc:BadContextToken
Not all of the values associated with the SCT are supported.      wsc:UnsupportedContextToken
The specified source for the derivation is unknown.               wsc:UnknownDerivationSource
The provided context token has expired.                           wsc:RenewNeeded
The specified context token could not be renewed.                 wsc:UnableToRenew
10 Security Considerations

As stated in the Goals section of this document, this specification is meant to provide an extensible framework and flexible syntax, with which one could implement various security mechanisms. This framework and syntax by itself does not provide any guarantee of security. When implementing and using this framework and syntax, one must make every effort to ensure that the result is not vulnerable to any one of a wide range of attacks.

It is not feasible to provide a comprehensive list of security considerations for such an extensible set of mechanisms. A complete security analysis must be conducted on specific solutions based on this specification. Below we illustrate some of the security concerns that often come up with protocols of this type, but we stress that this is not an exhaustive list of concerns.

It is critical that all relevant elements of a message be included in signatures. As well, the signatures for security context establishment must include a timestamp, nonce, or sequence number depending on the degree of replay prevention required. Security context establishment should include full policies to prevent possible attacks (e.g. downgrading attacks).

Authenticating services are susceptible to denial of service attacks. Care should be taken to mitigate such attacks as is warranted by the service.

There are many other security concerns that one may need to consider in security protocols. The list above should not be used as a "checklist" instead of a comprehensive security analysis.

In addition to the considerations identified here, readers should also review the security considerations in [WS-Security] and [WS-Trust].
A. Sample Usages

This non-normative appendix illustrates several sample usage patterns of [WS-Trust] and this document. Specifically, it illustrates different patterns that could be used to parallel, at an end-to-end message level, the selected TLS/SSL scenarios. This is not intended to be the definitive method for the scenarios, nor is it fully inclusive. Its purpose is simply to illustrate, in a context familiar to readers, how this specification might be used.

The following sections are based on a scenario where the client wishes to authenticate the server prior to sharing any of its own credentials.

It should be noted that the following sample usages are illustrative; any implementation of the examples illustrated below should be carefully reviewed for potential security attacks. For example, multi-leg exchanges such as those below should be careful to prevent man-in-the-middle attacks or downgrade attacks. It may be desirable to use running hashes as challenges that are signed, or a similar mechanism, to ensure continuity of the exchange.

The examples below assume that both parties understand the appropriate security policies in use and can correctly construct signatures and encryption that the other party can process.

A.1 Anonymous SCT

In this scenario the requestor wishes to remain anonymous while authenticating the recipient and establishing an SCT for secure communication.

This scenario assumes that the requestor has a key for the recipient. If this isn't the case, they can use [WS-MEX] or the mechanisms described in a later section, or obtain one from another security token service.

There are two basic patterns that can apply, which only vary slightly. The first is as follows:
1. The requestor sends an RST to the recipient requesting an SCT. The request contains key material encrypted for the recipient. The request is not authenticated.
2. The recipient, if it accepts such requests, returns an RSTRC with one or more RSTRs with the SCT as the requested token and does not return any proof information, indicating that the requestor's key is the proof.

A slight variation on this is as follows:
1. The requestor sends an RST to the recipient requesting an SCT. The request contains key material encrypted for the recipient. The request is not authenticated.
2. The recipient, if it accepts such requests, returns an RSTRC with one or more RSTRs with the SCT as the requested token and returns its own key material encrypted using the requestor's key.

Another slight variation is to return a new key encrypted using the requestor's provided key.

It should be noted that the variations that involve encrypting data using the requestor's key material might be subject to certain types of key attacks.

Yet another approach is to establish a secure channel (e.g. TLS/SSL, IPsec) between the requestor and the recipient. Key material can then safely flow in either direction. In some circumstances, this provides greater protection than the approach above when returning key information to the requestor.
A.2 Mutual Authentication SCT

In this scenario the requestor is willing to authenticate, but wants the recipient to authenticate first. The following steps outline the message flow:
1. The requestor sends an RST requesting an SCT. The request contains key material encrypted for the recipient. The request is not authenticated.
2. The recipient returns an RSTRC with one or more RSTRs including a challenge for the requestor. The RSTRC is secured by the recipient so that the requestor can authenticate it.
3. The requestor, after authenticating the recipient's RSTRC, sends an RSTRC responding to the challenge.
4. The recipient, after authenticating the requestor's RSTRC, sends a secured RSTRC containing the token and either proof information or partial key material (depending on whether or not the requestor provided key material).

Another variation exists where step 1 includes a specific challenge for the service. Depending on the type of challenge used this may not be necessary because the message may contain enough entropy to ensure a fresh response from the recipient.

In other variations the requestor doesn't include key information until step 3 so that it can first verify the signature of the recipient in step 2.
B. Token Discovery Using RST/RSTR

If the recipient's security token is not known, the RST/RSTR mechanism can still be used. The following example illustrates one possible sequence of messages:
1. The requestor sends an RST requesting an SCT. This request does not contain any key material, nor is the request authenticated.
2. The recipient sends an RSTRC with one or more RSTRs to the requestor with an embedded challenge. The RSTRC is secured by the recipient so that the requestor can authenticate it.
3. The requestor sends an RSTRC to the recipient and includes key information protected for the recipient. This request may or may not be secured depending on whether or not the request is anonymous.
4. The final issuance step depends on the exact scenario. Any of the final legs from above might be used.

Note that step 1 might include a challenge for the recipient. Please refer to the comment in the previous section on this scenario.

Also note that in response to step 1 the recipient might issue a fault secured with [WS-Security] providing the requestor with information about the recipient's security token.
C. Acknowledgements

The following individuals have participated in the creation of this specification and are gratefully acknowledged:

Original Authors of the initial contribution:
Steve Anderson, OpenNetwork; Jeff Bohren, OpenNetwork; Toufic Boubez, Layer 7; Marc Chanliau, Computer Associates; Giovanni Della-Libera, Microsoft; Brendan Dixon, Microsoft; Praerit Garg, Microsoft; Martin Gudgin (Editor), Microsoft; Satoshi Hada, IBM; Phillip Hallam-Baker, VeriSign; Maryann Hondo, IBM; Chris Kaler, Microsoft; Hal Lockhart, BEA; Robin Martherus, Oblix; Hiroshi Maruyama, IBM; Anthony Nadalin (Editor), IBM; Nataraj Nagaratnam, IBM; Andrew Nash, Reactivity; Rob Philpott, RSA Security; Darren Platt, Ping Identity; Hemma Prafullchandra, VeriSign; Maneesh Sahu, Actional; John Shewchuk, Microsoft; Dan Simon, Microsoft; Davanum Srinivas, Computer Associates; Elliot Waingold, Microsoft; David Waite, Ping Identity; Doug Walter, Microsoft; Riaz Zolfonoon, RSA Security.

Original Acknowledgements of the initial contribution:
Paula Austel, IBM; Keith Ballinger, Microsoft; John Brezak, Microsoft; Tony Cowan, IBM; HongMei Ge, Microsoft; Slava Kavsan, RSA Security; Scott Konersmann, Microsoft; Leo Laferriere, Computer Associates; Paul Leach, Microsoft; Richard Levinson, Computer Associates; John Linn, RSA Security; Michael McIntosh, IBM; Steve Millet, Microsoft; Birgit Pfitzmann, IBM; Fumiko Satoh, IBM; Keith Stobie, Microsoft; T.R. Vishwanath, Microsoft; Richard Ward, Microsoft; Hervey Wilson, Microsoft.

TC Members during the development of this specification:
Don Adams, Tibco Software Inc.; Jan Alexander, Microsoft Corporation; Steve Anderson, BMC Software; Donal Arundel, IONA Technologies; Howard Bae, Oracle Corporation; Abbie Barbir, Nortel Networks Limited; Charlton Barreto, Adobe Systems; Mighael Botha, Software AG, Inc.; Toufic Boubez, Layer 7 Technologies Inc.; Norman Brickman, Mitre Corporation; Melissa Brumfield, Booz Allen Hamilton; Lloyd Burch, Novell; Scott Cantor, Internet2; Greg Carpenter, Microsoft Corporation; Steve Carter, Novell; Ching-Yun (C.Y.) Chao, IBM; Martin Chapman, Oracle Corporation; Kate Cherry, Lockheed Martin; Henry (Hyenvui) Chung, IBM; Luc Clement, Systinet Corp.; Paul Cotton, Microsoft Corporation; Glen Daniels, Sonic Software Corp.; Peter Davis, Neustar, Inc.; Martijn de Boer, SAP AG; Werner Dittmann, Siemens AG; Abdeslem DJAOUI, CCLRC-Rutherford Appleton Laboratory; Fred Dushin, IONA Technologies; Petr Dvorak, Systinet Corp.; Colleen Evans, Microsoft Corporation; Ruchith Fernando, WSO2; Mark Fussell, Microsoft Corporation; Vijay Gajjala, Microsoft Corporation; Marc Goodner, Microsoft Corporation; Hans Granqvist, VeriSign; Martin Gudgin, Microsoft Corporation; Tony Gullotta, SOA Software Inc.; Jiandong Guo, Sun Microsystems; Phillip Hallam-Baker, VeriSign; Patrick Harding, Ping Identity Corporation; Heather Hinton, IBM; Frederick Hirsch, Nokia Corporation; Jeff Hodges, Neustar, Inc.; Will Hopkins, BEA Systems, Inc.; Alex Hristov, Otecia Incorporated; John Hughes, PA Consulting; Diane Jordan, IBM; Venugopal K, Sun Microsystems; Chris Kaler, Microsoft Corporation; Dana Kaufman, Forum Systems, Inc.; Paul Knight, Nortel Networks Limited; Ramanathan Krishnamurthy, IONA Technologies; Christopher Kurt, Microsoft Corporation; Kelvin Lawrence, IBM; Hubert Le Van Gong, Sun Microsystems; Jong Lee, BEA Systems, Inc.; Rich Levinson, Oracle Corporation; Tommy Lindberg, Dajeil Ltd.; Mark Little, JBoss Inc.; Hal Lockhart, BEA Systems, Inc.; Mike Lyons, Layer 7 Technologies Inc.; Eve Maler, Sun Microsystems; Ashok Malhotra, Oracle Corporation; Anand Mani, CrimsonLogic Pte Ltd; Jonathan Marsh, Microsoft Corporation; Robin Martherus, Oracle Corporation; Miko Matsumura, Infravio, Inc.; Gary McAfee, IBM; Michael McIntosh, IBM; John Merrells, Sxip Networks SRL; Jeff Mischkinsky, Oracle Corporation; Prateek Mishra, Oracle Corporation; Bob Morgan, Internet2; Vamsi Motukuru, Oracle Corporation; Raajmohan Na, EDS; Anthony Nadalin, IBM; Andrew Nash, Reactivity, Inc.; Eric Newcomer, IONA Technologies; Duane Nickull, Adobe Systems; Toshihiro Nishimura, Fujitsu Limited; Rob Philpott, RSA Security; Denis Pilipchuk, BEA Systems, Inc.; Darren Platt, Ping Identity Corporation; Martin Raepple, SAP AG; Nick Ragouzis, Enosis Group LLC; Prakash Reddy, CA; Alain Regnier, Ricoh Company, Ltd.; Irving Reid, Hewlett-Packard; Bruce Rich, IBM; Tom Rutt, Fujitsu Limited; Maneesh Sahu, Actional Corporation; Frank Siebenlist, Argonne National Laboratory; Joe Smith, Apani Networks; Davanum Srinivas, WSO2; Yakov Sverdlov, CA; Gene Thurston, AmberPoint; Victor Valle, IBM; Asir Vedamuthu, Microsoft Corporation; Greg Whitehead, Hewlett-Packard; Ron Williams, IBM; Corinna Witt, BEA Systems, Inc.; Kyle Young, Microsoft Corporation.