Subject: RE: [ws-sx] Issue 30: Need a mechanism to identify token assertions
Comments inline

Cheers

Gudge

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com]
> Sent: 09 February 2006 20:49
> To: Dittmann, Werner; ws-sx@lists.oasis-open.org
> Subject: [ws-sx] Issue 30: Need a mechanism to identify token
> assertions
>
> This is now logged as issue 30.
>
> Marc Goodner
> Technical Diplomat
> Microsoft Corporation
> Tel: (425) 703-1903
> Blog: http://spaces.msn.com/mrgoodner/
>
>
> -----Original Message-----
> From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> Sent: Thursday, February 09, 2006 12:17 AM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: NEW Issue: Need a mechanism to identify token assertions
>
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
>
> The issues coordinators will notify the list when that has occurred.
>
> Protocol: ws-sp
> ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf
>
> Artifact: spec
>
> Type: design
>
> Title: Need a mechanism to identify token assertions
>
> Description:
>
> An implementation that uses Security Policy Language has to know how
> to populate the required tokens, e.g. UsernameToken or X509
> tokens. Because a policy file usually contains several token
> assertions there should be a mechanism available to identify a token
> assertion.
>
> For example if a policy requires two UsernameToken in a supporting
> token the application that creates the message needs a way to link the
> different UsernameToken assertions to the user data records that
> contain username, password, etc. To do so the application shall be
> able to identify the UsernameToken and use this identifier as a link
> to the user data record.
>
> Similar mechanisms are required to locate the correct X509 certificate
> in a keystore, for example.

[MJG] While I agree that a service needs to be able to distinguish between such tokens and potentially locate such tokens on its side, I don't believe WS-SecurityPolicy should specify such things. They are internal implementation details that the client need not be aware of.

>
> Related issues:
> none
>
> Proposed Resolution:
>
> Add an Id or name attribute to token assertions. Any other ideas
> how to identify tokens in a Policy file and associate them with real
> user/alias data?
>
> Werner Dittmann
> Siemens COM MN CC BD TO
> mailto:Werner.Dittmann@siemens.com
> Tel: +49(0)89 636 50265
> Mobil: +49(0)172 85 85 245
>