[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Created: (IMI-22) Usage of term certficate isunclear
Usage of term certficate is unclear
-----------------------------------
Key: IMI-22
URL: http://tools.oasis-open.org/issues/browse/IMI-22
Project: OASIS Identity Metasystem Interoperability (IMI) TC
Issue Type: Bug
Components: Editorial
Affects Versions: IMI 1.0 PR1
Reporter: Marc Goodner
Assignee: Michael Jones
Priority: Minor
Fix For: IMI 1.0 CD3
From public comment: http://lists.oasis-open.org/archives/imi-comment/200904/msg00001.html
The text makes repeated references to "certificate". Is certificate distinct from "token"? What qualifies as a certificate? PK certificate? X.509 certificate? PKIX profiled certificate? Does a Kerberos token qualify? How about a SAML token with a PK? What role does this certificate play? does it represent the identity of one of the parties? if so, which one? is it an encryption key for one of the parties?
lines 397-399 say:
Each RP/STS endpoint MUST provide a certificate. This certificate MAY be communicated either via Transport (such
as HTTPS) or Message (such as WS-Security) Security. If Message Security is employed, transports not providing
security (such as HTTP) may be used.
Is the sender required to provide PoP of the private key? How exactly is the certificate to be sent? In the SOAP body? In the Security header?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]