

Subject: RE: [ws-sx] Issue 30: Need a mechanism to identify token assertions


Comments inline

Cheers

Gudge 

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com] 
> Sent: 09 February 2006 20:49
> To: Dittmann, Werner; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 30: Need a mechanism to identify token 
> assertions
> 
> This is now logged as issue 30.
> 
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/ 
> 
> 
> -----Original Message-----
> From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
> Sent: Thursday, February 09, 2006 12:17 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: NEW Issue: Need a mechanism to identify token assertions
> 
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
> 
> The issues coordinators will notify the list when that has occurred.
> 
> Protocol:  ws-sp
> ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf
> 
> Artifact:  spec
> 
> Type: design
> 
> Title: Need a mechanism to identify token assertions
> 
> Description: 
> 
> An implementation that uses Security Policy Language has to know how
> to populate the required tokens, e.g. UsernameToken or X509
> tokens. Because a policy file usually contains several token
> assertions there should be a mechanism available to identify a token
> assertion.
> 
> For example if a policy requires two UsernameToken in a supporting
> token the application that creates the message needs a way to link the
> different UsernameToken assertions to the user data records that
> contain username, password, etc. To do so the application shall be
> able to
> identify the UsernameToken and use this identifier as a link to the
> user data record. 
> 
> Similar mechanisms are required to locate the correct X509 certificate
> in a keystore, for example. 

[MJG]
While I agree that a service needs to be able to distinguish between
such tokens and potentially locate such tokens on its side, I don't
believe WS-SecurityPolicy should specify such things. They are internal
implementation details that the client need not be aware of.

> 
> Related issues:
> none
> 
> Proposed Resolution:
> 
> Add an Id or name attribute to token assertions.  Any other ideas
> how to identify tokens in a Policy file and associate them with real
> user/alias data?
> 
> Werner Dittmann
> Siemens COM MN CC BD TO
> mailto:Werner.Dittmann@siemens.com
> Tel:   +49(0)89 636 50265
> Mobil: +49(0)172 85 85 245
> 
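
An added illustration of the problem discussed in this thread (not code from either poster or from the specification): a policy with two UsernameToken assertions in one SupportingTokens, bound to user data records through an identifier attribute, failing closed when an assertion cannot be matched to exactly one record. The namespace URIs, the `ex:Id` attribute, the record layout and all sample values are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions; EX is a hypothetical extension namespace.
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
EX = "urn:example:token-binding"

# Constructed policy: two UsernameToken assertions in one SupportingTokens.
POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}" xmlns:ex="{EX}">
  <sp:SupportingTokens>
    <wsp:Policy>
      <sp:UsernameToken ex:Id="portal-user"/>
      <sp:UsernameToken ex:Id="backend-user"/>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>"""

# Constructed user data records; passwords are references, never literals.
USER_RECORDS = {
    "portal-user": {"username": "alice", "password_ref": "vault:portal/alice"},
    "backend-user": {"username": "svc-orders", "password_ref": "vault:backend/orders"},
}

def username_token_assertions(policy_xml):
    """Return the UsernameToken assertions nested in SupportingTokens, in document order."""
    root = ET.fromstring(policy_xml)
    path = f".//{{{SP}}}SupportingTokens/{{{WSP}}}Policy/{{{SP}}}UsernameToken"
    return root.findall(path)

def bind_tokens(policy_xml, records):
    """Map each assertion to exactly one user record, failing closed on ambiguity."""
    bound, seen = [], set()
    for assertion in username_token_assertions(policy_xml):
        ident = assertion.get(f"{{{EX}}}Id")
        if ident is None:
            raise ValueError("assertion has no identifier; refusing to guess a record")
        if ident in seen:
            raise ValueError(f"duplicate identifier {ident!r}")
        if ident not in records:
            raise ValueError(f"no user record for identifier {ident!r}")
        seen.add(ident)
        bound.append((ident, records[ident]["username"]))
    return bound

if __name__ == "__main__":
    for ident, user in bind_tokens(POLICY, USER_RECORDS):
        print(f"{ident} -> {user}")
```

Without the identifier the two assertions are structurally identical, so the only remaining selector is document order, which is why the binding refuses to proceed rather than pick a credential by position.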

