[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Created: (IMI-22) Usage of term certficate isunclear
Usage of term certficate is unclear ----------------------------------- Key: IMI-22 URL: http://tools.oasis-open.org/issues/browse/IMI-22 Project: OASIS Identity Metasystem Interoperability (IMI) TC Issue Type: Bug Components: Editorial Affects Versions: IMI 1.0 PR1 Reporter: Marc Goodner Assignee: Michael Jones Priority: Minor Fix For: IMI 1.0 CD3 From public comment: http://lists.oasis-open.org/archives/imi-comment/200904/msg00001.html The text makes repeated references to "certificate". Is certificate distinct from "token"? What qualifies as a certificate? PK certificate? X.509 certificate? PKIX profiled certificate? Does a Kerberos token qualify? How about a SAML token with a PK? What role does this certificate play? does it represent the identity of one of the parties? if so, which one? is it an encryption key for one of the parties? lines 397-399 say: Each RP/STS endpoint MUST provide a certificate. This certificate MAY be communicated either via Transport (such as HTTPS) or Message (such as WS-Security) Security. If Message Security is employed, transports not providing security (such as HTTP) may be used. Is the sender required to provide PoP of the private key? How exactly is the certificate to be sent? In the SOAP body? In the Security header? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]