Hi Colm, >> 2) Actually if client defines policy containing only SignedParts, >> EncryptedParts assertions CXF does nothing and send unsigned/unencrypted >> message. >Exception is thrown only on service side (Assertion is not >> satisfied). I find it a little bit dangerous, because client can assume that >> message is encrypted. IMHO >exception should be thrown already on client >> side.
>Could you raise a JIRA for this? Sure, I also will try to provide a patch :) Regards, Andrei. -----Original Message----- From: Colm O hEigeartaigh [mailto:[email protected]] Sent: 08 February 2012 17:03 To: [email protected] Subject: Re: Signature and encryption in security policy Hi Andrei, Yes, we only support Signed/Encrypted Parts with a security binding. > 1) Basically I can see some use cases where signing/encryption can be > done without authentication, for example encryption request only. In this > case client just get public key of service and encrypt request message. > Actually, client haven't authenticate itself for this scenario. Are there > special reasons always to bind SignedParts, EncryptedParts with > AssymetricBinding, SymmetricBinding or TransportBinding? Specifying a binding does not imply authentication. So for example, if you just want to encrypt the message, you just specify an EncryptedParts policy with the relevant binding, and it should work fine. One caveat to this is if a Timestamp is included, then it is signed as per the spec. In addition, using a binding gives guarantees on key-sizes, algorithms etc. via an AlgorithmSuite policy. In short, I don't really see a use-case for allowing the user to specify an EncryptedParts without a binding. > 2) Actually if client defines policy containing only SignedParts, > EncryptedParts assertions CXF does nothing and send unsigned/unencrypted > message. Exception is thrown only on service side (Assertion is not > satisfied). I find it a little bit dangerous, because client can assume that > message is encrypted. IMHO exception should be thrown already on client side. Could you raise a JIRA for this? Colm. On Wed, Feb 8, 2012 at 3:42 PM, Andrei Shakirin <[email protected]> wrote: > Hi, > > Would like to discuss two topics regarding WS-Policy security implementation. > > Signature and encryption of request are controlled by SignedParts, > EncryptedParts policy assertions. > But, as far as I can see, these assertions can be active only together with > AssymetricBinding, SymmetricBinding or TransportBinding assertions. > Asymmetric/Symmetric BindingHandler get signing/encryption element lists from > AbstractBindingHandler and call appropriate WSS4J function to sign or encrypt > message parts. > Asymmetric/Symmetric BindingHandler is called from > PolicyBasedWSS4JOutInterceptorInternal interceptor associated with > AssymetricBinding, SymmetricBinding or TransportBinding assertions. > That means, if client has a policy ONLY with SignedParts, EncryptedParts > assertions, WITHOUT AssymetricBinding, SymmetricBinding or TransportBinding > it does nothing with message. > > Two questions: > > 1) Basically I can see some use cases where signing/encryption can be > done without authentication, for example encryption request only. In this > case client just get public key of service and encrypt request message. > Actually, client haven't authenticate itself for this scenario. Are there > special reasons always to bind SignedParts, EncryptedParts with > AssymetricBinding, SymmetricBinding or TransportBinding? > > 2) Actually if client defines policy containing only SignedParts, > EncryptedParts assertions CXF does nothing and send unsigned/unencrypted > message. Exception is thrown only on service side (Assertion is not > satisfied). I find it a little bit dangerous, because client can assume that > message is encrypted. IMHO exception should be thrown already on client side. > > Regards, > Andrei. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
