Hi,
For an application we would like to have a proof-of-possession key
with the perfect forward secrecy property.
WS-Trust clearly defines how to compute such a key using the PSHA1
algorithm, but not how to properly do this using Diffie-Hellman.
Does anyone have an example of how this should best be incorporated
within the WS-Trust protocol?
The request should contain something like:
<wst:ComputedKeyAlgorithm>
  http://www.w3.org/2001/04/xmlenc#DHKeyValue
</wst:ComputedKeyAlgorithm>
<wst:KeyType>
  http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
</wst:KeyType>
<???>
  <xenc:DHKeyValue>
    <xenc:P>...</xenc:P>
    <xenc:Q>...</xenc:Q>
    <xenc:Generator>...</xenc:Generator>
    <xenc:Public>...</xenc:Public>
  </xenc:DHKeyValue>
</???>
The response, something like:
<wst:RequestedProofToken>
  <wst:ComputedKey>
    http://www.w3.org/2001/04/xmlenc#DHKeyValue
  </wst:ComputedKey>
  <???>
    <xenc:DHKeyValue>
      <xenc:P>...</xenc:P>
      <xenc:Q>...</xenc:Q>
      <xenc:Generator>...</xenc:Generator>
      <xenc:Public>...</xenc:Public>
    </xenc:DHKeyValue>
  </???>
</wst:RequestedProofToken>
Any suggestions here are welcome.
Kind regards,
Frank.
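The exchange sketched above, worked through as an added example that is not part of the original post and not taken from any WS-Trust implementation. It does the two things the thread leaves open: each side publishes an xenc:DHKeyValue (P, Q, Generator, Public) in the shape the post shows, and a symmetric proof key is derived from the shared secret. Everything not in the post is an assumption of this example: the group is RFC 2409 group 2 (1024-bit, used only because it is short enough to embed; too small for real use), the KDF is HKDF-SHA256 with a zero salt and a made-up label "wst-dh-proof-key" (WS-Trust specifies PSHA1, not a KDF for DH), the wrapper element the post marks as `<???>` is left out, and the function and class names are mine. The checks before any exponentiation (P and Q prime, Q divides P-1, generator of order Q, public value in range and in the order-Q subgroup) are the ones a token service must run on peer-supplied parameters; deleting the ephemeral exponent after one use is what gives the proof key forward secrecy.

```python
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

# Group: RFC 2409 "Second Oakley Group" (1024-bit MODP, generator 2), embedded only because it
# is short. 1024-bit DH is too weak today: use a 2048-bit+ group (RFC 3526/7919), same checks.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2   # safe prime, so generator 2 generates a subgroup of prime order Q
G = 2
XENC = "http://www.w3.org/2001/04/xmlenc#"

def is_probable_prime(n, rounds=16):
    """Miller-Rabin; enough to reject a composite P or Q supplied by the peer."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def validate_group(p, q, g):
    """A peer-chosen group must not let the peer force a weak or predictable secret."""
    return (p.bit_length() >= 1024 and is_probable_prime(p) and is_probable_prime(q)
            and (p - 1) % q == 0 and 1 < g < p - 1 and pow(g, q, p) == 1)

def validate_public(y, p, q):
    """Range plus subgroup check: rejects y in {0, 1, p-1} and small-subgroup elements."""
    return 1 < y < p - 1 and pow(y, q, p) == 1

def dh_key_value_xml(p, q, g, y):
    """Serialise one side's values as the xenc:DHKeyValue element sketched in the post."""
    root = ET.Element(f"{{{XENC}}}DHKeyValue")
    for tag, val in (("P", p), ("Q", q), ("Generator", g), ("Public", y)):
        raw = val.to_bytes((val.bit_length() + 7) // 8, "big")
        ET.SubElement(root, f"{{{XENC}}}{tag}").text = base64.b64encode(raw).decode()
    return ET.tostring(root, encoding="unicode")

def parse_dh_key_value(xml_text):
    root = ET.fromstring(xml_text)
    return tuple(int.from_bytes(base64.b64decode(root.find(f"{{{XENC}}}{t}").text), "big")
                 for t in ("P", "Q", "Generator", "Public"))

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) on the stdlib. WS-Trust names no KDF for DH; this one is our choice."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + t, i + 1
    return okm[:length]

class Party:
    """One side (requestor or STS). The exponent is ephemeral and deleted after use."""
    def __init__(self, p=P, q=Q, g=G):
        self.p, self.q, self.g = p, q, g
        self._x = secrets.randbelow(q - 1) + 1
        self.public = pow(g, self._x, p)
    def key_value(self):
        return dh_key_value_xml(self.p, self.q, self.g, self.public)
    def proof_key(self, peer_public, client_public, sts_public):
        z = pow(peer_public, self._x, self.p)
        del self._x   # forward secrecy: nothing left to recompute the key from later
        n = (self.p.bit_length() + 7) // 8
        info = b"wst-dh-proof-key" + client_public.to_bytes(n, "big") + sts_public.to_bytes(n, "big")
        return hkdf_sha256(z.to_bytes(n, "big"), b"\x00" * 32, info)

def sts_handle_request(req_xml):
    """STS: validate the requestor's group and public value, then answer in the same group."""
    p, q, g, y = parse_dh_key_value(req_xml)
    if not (validate_group(p, q, g) and validate_public(y, p, q)):
        raise ValueError("rejected DH parameters in RST")
    sts = Party(p, q, g)
    return sts.proof_key(y, y, sts.public), sts.key_value()

def client_handle_response(client, resp_xml):
    """Requestor: the STS must answer in the group we proposed, with a valid public value."""
    p, q, g, y = parse_dh_key_value(resp_xml)
    if (p, q, g) != (client.p, client.q, client.g) or not validate_public(y, p, q):
        raise ValueError("rejected DH parameters in RSTR")
    return client.proof_key(y, client.public, y)

def run_exchange():
    client = Party()                                        # requestor builds the RST
    sts_key, resp_xml = sts_handle_request(client.key_value())
    return client_handle_response(client, resp_xml), sts_key
```

`run_exchange()` returns the same 32-byte key on both sides, and a second call returns a different key because both exponents are fresh. The derived key is bound to both public values through the HKDF info field, so a response spliced in from another exchange yields a different key rather than a silently shared one. The thing to notice in practice is that, unlike PSHA1, the requestor here gets to choose P, Q and Generator, which is exactly why the STS has to validate them before it exponentiates.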