Hi Frank,

I haven't seen any requirements for this before, and I'm not sure if the spec accommodates it. Probably the best approach is to define a custom extension for handling this requirement.

Colm.

On Tue, Jul 28, 2015 at 10:09 AM, Frank Cornelis <[email protected]> wrote:

> Hi,
>
> For some application we would like to have a proof-of-possession key with
> perfect forward secrecy security property.
> WS-Trust clearly defines how to compute such key using the PSHA1
> algorithm, but not how to properly do this using Diffie-Hellman.
> Does anyone have an example on how this should best be incorporated within
> the WS-Trust protocol?
>
> Request should contain something like:
>
> <wst:ComputedKeyAlgorithm>
>   http://www.w3.org/2001/04/xmlenc#DHKeyValue
> </wst:ComputedKeyAlgorithm>
> <wst:KeyType>
>   http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
> </wst:KeyType>
> <???>
>   <xenc:DHKeyValue>
>     <xenc:P>...</xenc:P>
>     <xenc:Q>...</xenc:Q>
>     <xenc:Generator>...</xenc:Generator>
>     <xenc:Public>...</xenc:Public>
>   </xenc:DHKeyValue>
> </???>
>
> The response something like:
>
> <wst:RequestedProofToken>
>   <wst:ComputedKey>
>     http://www.w3.org/2001/04/xmlenc#DHKeyValue
>   </wst:ComputedKey>
>   <???>
>     <xenc:DHKeyValue>
>       <xenc:P>...</xenc:P>
>       <xenc:Q>...</xenc:Q>
>       <xenc:Generator>...</xenc:Generator>
>       <xenc:Public>...</xenc:Public>
>     </xenc:DHKeyValue>
>   </???>
> </wst:RequestedProofToken>
>
> Any suggestions here are welcome.
>
> Mvg,
> Frank.

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
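Added example, not part of the original thread and not code from either poster: the PSHA1 computed key that WS-Trust does define, key = P_SHA1(Ent_REQ, Ent_RES), with P_SHA1 taken from the TLS 1.0 PRF (RFC 2246). The function names, the default key size and the entropy values are assumptions made for illustration. The key is a function only of the two entropy values carried in the request and response, so its secrecy rests entirely on how those values were protected in transit.

```python
import hashlib
import hmac


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA1 expansion from the TLS 1.0 PRF (RFC 2246, section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        # A(i) = HMAC_SHA1(secret, A(i-1))
        a = hmac.new(secret, a, hashlib.sha1).digest()
        # Output block i = HMAC_SHA1(secret, A(i) + seed)
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def computed_key(ent_req: bytes, ent_res: bytes, key_size_bits: int = 256) -> bytes:
    """WS-Trust CK/PSHA1 proof key: requestor entropy is the secret, responder entropy the seed."""
    if key_size_bits <= 0 or key_size_bits % 8:
        raise ValueError("key size must be a positive multiple of 8 bits")
    if not ent_req or not ent_res:
        raise ValueError("both parties must contribute entropy")
    return p_sha1(ent_req, ent_res, key_size_bits // 8)


# Constructed sample entropy (fixed so the result is reproducible); real
# deployments use fresh random bytes on each side for every request.
ENT_REQ = bytes(range(0, 32))    # carried in the request's wst:Entropy
ENT_RES = bytes(range(32, 64))   # carried in the response's wst:Entropy

if __name__ == "__main__":
    requestor_key = computed_key(ENT_REQ, ENT_RES)
    sts_key = computed_key(ENT_REQ, ENT_RES)
    # Both sides arrive at the same key, and so does anyone else who
    # holds both entropy values.
    print("keys match:", hmac.compare_digest(requestor_key, sts_key))
    print("proof key :", requestor_key.hex())
```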
