This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/discussion/do/listPosts/projects.ggf-editor/discussion.rec_secure_communication_profile.topc4179 at Thu, 03 Nov 2022 23:20:49 GMT SourceForge : Post

Project: Editor. Discussion: REC:Secure Communication Profile 1.0.
Forum Topic - Request for true "mutually-authenticated" X509 policy (2 Items)
Request for true "mutually-authenticated" X509 policy
As mentioned in the previous comment, the "MutualX509" message-level policy is actually an "X.509 authentication of message sender to message receiver" policy. In the case of one-way exchange patterns, the receiver's identity is never authenticated to the sender at all (as opposed to upon receipt of the response message). There should probably be an additional policy for the common message-level sign/encrypt scenario: with protection analogous to SSL/TLS that provides authentication of the recipient to the sender through encryption. The policy document would reference the current "MutualX509" policy (or whatever it is renamed to) with the addition of the following subpolicy:

<wsp:Policy>
   <!-- Encrypt the SOAP Body and every WS-Addressing 1.0 header to the recipient's X.509 key -->
   <sp:EncryptedParts>
      <sp:Body/>
      <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
   </sp:EncryptedParts>
   <!-- Also encrypt any header that WS-Addressing marks as a reference parameter -->
   <sp:EncryptedElements>
      <sp:XPath>/Envelope/Header/*[@isReferenceParameter="true"]</sp:XPath>
   </sp:EncryptedElements>
</wsp:Policy>

This sign/encrypt policy might either be called "MutualX509" upon renaming of the current policy of that name, or perhaps "SecureX509".
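For readers who want to see how the proposed encryption subpolicy would sit next to the signing requirements it is meant to extend, the following is an added illustration written for this archive; it is not the profile's own policy text and not code from either poster. It assumes the WS-SecurityPolicy 1.2 (OASIS 200702) and WS-Policy 1.5 namespaces, assumes that the existing "MutualX509" policy can be approximated by an sp:AsymmetricBinding whose initiator and recipient tokens are both X.509 certificates, and makes its own choices for algorithm suite, layout and token inclusion. The constructed XPath uses the WS-Addressing 1.0 attribute name wsa:IsReferenceParameter with explicitly declared prefixes, which is what a policy engine needs to evaluate it against a namespaced SOAP envelope.

```xml
<!-- Added illustration: mutual X.509 signing plus encryption to the recipient.
     Namespaces and structure follow WS-SecurityPolicy 1.2; the binding,
     algorithm suite and token-inclusion settings are assumptions, not the
     profile's own text. -->
<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
            xmlns:wsa="http://www.w3.org/2005/08/addressing"
            xmlns:S="http://www.w3.org/2003/05/soap-envelope">
  <wsp:ExactlyOne>
    <wsp:All>
      <!-- Asymmetric binding: sender signs with its own X.509 key,
           encrypts to the recipient's X.509 key -->
      <sp:AsymmetricBinding>
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <!-- Sender's certificate travels with the request so the
                   recipient can verify the signature -->
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy><sp:WssX509V3Token10/></wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <!-- Recipient's certificate is known to the sender out of band
                   (e.g. from a trust store); it is not carried in messages -->
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy><sp:WssX509V3Token10/></wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
          <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>

      <!-- Sender authentication: sign the Body and the WS-Addressing headers -->
      <sp:SignedParts>
        <sp:Body/>
        <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
      </sp:SignedParts>

      <!-- Confidentiality to the recipient: the subpolicy proposed above -->
      <sp:EncryptedParts>
        <sp:Body/>
        <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
      </sp:EncryptedParts>
      <sp:EncryptedElements>
        <sp:XPath>/S:Envelope/S:Header/*[@wsa:IsReferenceParameter='true']</sp:XPath>
      </sp:EncryptedElements>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```

Reading the two halves separately makes the distinction in this thread concrete: the sp:SignedParts block is what lets the recipient verify who sent the message, while the sp:EncryptedParts and sp:EncryptedElements blocks only ensure that a party without the recipient's private key cannot read it. In a one-way exchange the sender obtains no signed evidence of the recipient's identity from this policy alone; that evidence arrives only when a response signed under the recipient token comes back, which is the point at issue between the two posts.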
Re: Request for true "mutually-authenticated" X509 policy
Resolved: left as-is. As discussed previously, the existing "Mutual X.509" is, in fact, mutual. Encryption is not exactly authenticating the recipient. It's simply providing confidentiality.

-Duane