OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-rx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [ws-rx] Revised proposal #2 for i122 - i124


Anthony Nadalin wrote:

> >So it is actually the core of our proposal to describe a solution 
> where the STR can remain in the security header by >utilizing the 
> @Usage attribute of the STR which is described in the WSS 1.0 / 1.1 
> OASIS Standard.
>
> The proposal as described requires that every existing WSS stack 
> change it processing behavior (see my last post), this is a unacceptable.
>
[PM]
There is no special processing required in WSS of the usage attribute. 
The usage attribute is passed onto the RM layer like any other piece of 
data from
the security layer.

Are you suggesting that any use of "usage" :-) would break WSS? If so, 
this is a serious problem and we should discuss further in WSS. It is 
possible that WSS is broken (indeed  this one reason for this 
discussion) and so we should certainly sort this out.

Here is the text for the usage attrib. from WSS 1.1 (843-847)

wsse:SecurityTokenReference/@wsse:Usage

This optional attribute is used to type the usage of the
<wsse:SecurityTokenReference>. Usages are specified using URIs and multiple
usages MAY be specified using XML list semantics. No usages are defined 
by this
specification.

Is this incorrect? If not, how is the case we are proposing "breaking 
the WSS processing semantics"?
[\PM]



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]