Re: Security protocols for TRP

[christopher ferris <chris.ferris@east.sun.com>]

Prasad,

Please see below.

Cheers,

Chris

Prasad Yendluri wrote:
> 
<snip/>
> > >
> > >         1.      Will the layers above the TRP (e.g.. Application layer) know that the
> > > (received) message was signed and encrypted ?
> >
> > This depends. It is our intent to have the CPA define/describe the packaging
> > and security aspects that the parties agreed to employ. If the scheme
> > employed is to delegate the signing of the header/payload to the MSH
> > (using XMLDSIG) then the answer would be no, although we should probably
> > discuss how the MSH should interface with the application/application services
> > layer above to communicate signature validation info, etc.
> >
> > If the payload is signed/encrypted with a MIME-based approach (S/MIME
> > or PGP/MIME) then this is completely within the domain of the
> > application or application services layer to process (validate
> > signature and/or decrypt with private key, etc.)
> >
> > Again, our intent is to capture all of this information in the CPP/CPA.
> 
> <PY> It is possible for the CPA to specify > 1 valid possibilities, including
> signing/encrypting/both and the specific mechanisms (S/MIME, PGP/MIME, XMLDSIG etc.) to be used.

That is the intent. Dale is working on the packaging profiles
which will be referenced from the CPP/CPA.

> Which particular one is employed by a message instance needs to be identified somewhere. CPP/CPA
> may not be enough. I think this needs to be captured in the envelope. </PY>

Interesting point. I think that we'll have to review this more closely
once Dale and I have finished our work on the CPP CPA and profiles
to make this determination.

<snip/>
begin:vcard 
n:Ferris;Christopher
tel;cell:508-667-0402
tel;work:781-442-3063
x-mozilla-html:FALSE
org:Sun Microsystems, Inc;XTC Advanced Development
adr:;;;;;;
version:2.1
email;internet:chris.ferris@east.sun.com
title:Sr. Staff Engineer
fn:Christopher Ferris
end:vcard