[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ws-rx] Revised proposal #2 for i122 - i124
Anthony Nadalin wrote: > >So it is actually the core of our proposal to describe a solution > where the STR can remain in the security header by >utilizing the > @Usage attribute of the STR which is described in the WSS 1.0 / 1.1 > OASIS Standard. > > The proposal as described requires that every existing WSS stack > change it processing behavior (see my last post), this is a unacceptable. > [PM] There is no special processing required in WSS of the usage attribute. The usage attribute is passed onto the RM layer like any other piece of data from the security layer. Are you suggesting that any use of "usage" :-) would break WSS? If so, this is a serious problem and we should discuss further in WSS. It is possible that WSS is broken (indeed this one reason for this discussion) and so we should certainly sort this out. Here is the text for the usage attrib. from WSS 1.1 (843-847) wsse:SecurityTokenReference/@wsse:Usage This optional attribute is used to type the usage of the <wsse:SecurityTokenReference>. Usages are specified using URIs and multiple usages MAY be specified using XML list semantics. No usages are defined by this specification. Is this incorrect? If not, how is the case we are proposing "breaking the WSS processing semantics"? [\PM]
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]