RE: [imi] Conflict between SAML 2.0 token profile and WS-Trust

[Mike Jones <Michael.Jones@microsoft.com>]

Technically, those are different cases.  The text you're citing refers to the RP's SecurityPolicy and the actions the selector should take based upon it.  The inconsistency I cited referred to how the recipient should interpret WS-Trust messages.

Yes, ideally these defaults should have been the same.  But we can at least be consistent with WS-Trust by not stating that a different default should be used in that case.

Agreed?

				-- Mike

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: Tuesday, December 15, 2009 10:41 AM
To: Mike Jones; imi@lists.oasis-open.org
Subject: RE: [imi] Conflict between SAML 2.0 token profile and WS-Trust

Scott Cantor wrote on 2009-12-15:
> Mike Jones wrote on 2009-12-15:
>> Any disagreement, or shall I file an issue for us to consider on
>> Thursday's call?
> 
> Don't think I had any particular reason for that wording, so that's fine.
If
> anything I would have gotten it from (mis-)interpreting something in IMI,
> I'll take a look when time permits.

Found it:

3.3.5 Proof Key for Issued Token

An issued token can have a symmetric proof key (symmetric key token), an
asymmetric proof key (asymmetric key token), or no proof key (bearer token).
If no key type is specified in the Relying Party policy, then an Identity
Selector SHOULD request an asymmetric key token from the IP/STS by default.

So, which should I be consistent with?

-- Scott



---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php