[ogsa-wg] OGSA Basic Profile Telecon Agenda 4/6

Steven Newhouse s.newhouse at omii.ac.uk
Thu Apr 7 05:48:04 CDT 2005 

<snip>

> 2. Namespaces
>   ogsa-bp: a Namespace URI for the Basic Profile 1.0 document
>            (OGSA Basic Profile 1.0) 
> 
>   And this note also uses the following entity references to ease 
>   the description of the URIs.
> 
>   &wsse;   the Namespace URI for Web Services Security v1.0
>   &ogsabp; the Namespace URI for OGSA Basic Profile 1.0
> 
> 3. Example
>   The following shows an example which the profile is intended to 
>   define.
> 
>   (001) <wsa:EndpointReference>
>   (002)   <wsa:Address>http://www.globus.org/some/path</wsa:Address>
>   (003)   <wsa:Metadata>
>   (004)     <ogsabp:EndpointKeyInfo>
>   (005)       <wsse:SecurityTokenReference 
>                 ogsabp:KeyUsage="&ogsabp;#signature">
>   (006)         <wsse:Reference URI="#token1"/>
>   (007)       </wsse:SecurityTokenReference>
>   (008)       <wsse:SecurityTokenReference
>   (009)         ogsabp:KeyUsage="&ogsabp;#encryption">
>   (010)         <wsse:Embedded>
>   (011)           <wsse:BinarySecurityToken 
>                                     ValueType="&wsse;X509PKIpathv1">
>   (012)             MIIC.....
>   (013)           </wsse:BinarySecurityToken>
>   (014)         </wsse:Embedded>
>   (015)       </wsse:SecurityTokenReference>
>   (016)     </ogsabp:EndpointKeyInfo>
>   (017)   </wsa:Metadata>
>   (018) </wsa:EndpointReference>
> 
> (001)-(018) An example wsa:EndointReference
> (004)-(016) An example of ogsabp:EndpointKeyInfo elment is shown.  
>             The actual key information contained in the 
>             ogsabp:EndpointKeyInfo element is bound to the endpoint 
>             specified by the enclosing wsa:EndpointReference.
> (005)-(007) An example of actual key information is shown.  The key is
>             expressed by using wsse:SecurityTokenReference and the
>             ogsabp:KeyUsage attribute shows that the key shoud be used 
>             for signature.  The key data is referenced by the same
>             document referece, "#token1".
> (008)-(015) Another example of key information is shown.  The key is 
>             also expressed by using wsse:SecurityTokenReference, but
>             the actual key data is embbeded in the element as a 
>             wsse:BinarySecurityToken in wsse:Embedded.  And the usage 
>             of the key is specified as encryption by the
>             ogsabp:KeyUsage attribute.
> 

> 6. Interoperability
>   To ensure the interoperability, a wsse:SecurityTokenReference element
>   MUST comform to the requirements defined in the section 4.2
>   of the WS-I Basic Profile 1.0 document (SecurityTokenReferences).
> 
>   To ensure the interoperability, if the wsse:BinarySecurityToken 
>   refers to or embeds an X509 Certificate, the wsse:BinarySecurityToken
>   MUST comform to the requirements defined in the chapter 6 of the
>   WS-I Basic Profile 1.0 document (X509 Certificate Token Profile).

If I have a client environment that just understands WS-I 
specifications... what else would it need to understand to support this 
proposed profile. Could it handle the parsing of ogsabp:KeyUsage and 
know what to do with it?

Steven

-- 
----------------------------------------------------------------
Dr Steven Newhouse                        Tel:+44 (0)2380 598789
Deputy Director, Open Middleware Infrastructure Institute (OMII)
Suite 6005, Faraday Building (B21), Highfield Campus,
Southampton University, Highfield, Southampton, SO17 1BJ,  UK

More information about the ogsa-wg mailing list