Subject: Re: Interop scenarios document issues
Hi Marc,

Sounds reasonable, I will update the points made in this message.

>I've posted a new version that has been updated as described below. I
>have one change left I need to look at more closely to update the
>description for the mutual cert wss 1.1 binding. Prateek, can you handle
>the other items?
>
>-----Original Message-----
>From: Jan Alexander
>Sent: Tuesday, July 11, 2006 1:49 PM
>To: ws-sx@lists.oasis-open.org
>Cc: Marc Goodner; Prateek Mishra
>Subject: Interop scenarios document issues
>
>I've identified a couple of issues in the current interop scenarios
>document version:
>
>1. All sample messages need to be updated to use the IssueFinal WS-A
>action for the RSTRC responses
>MG: Done. There were a couple of examples with empty soap headers, I did
>not update those.
>
>2. In some samples (SecureConversation binding for example) the WSS,
>WSU, WS-SC and WS-Trust namespaces are not using the right URIs.
>
>    1. The namespaces table and some message samples use the interim
>WSS 1.1 namespace before WSS 1.1 was finalized
>(http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd)
>instead of using the final WSS 1.1 namespace
>(http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd).
>MG: Done.
>
>    2. The same issue is with @ValueType URIs in STR <Reference>
>when referencing encrypted keys and when using ThumbprintSHA1 or
>EncryptedKeySHA1 @ValueType in <KeyIdentifier>.
>MG: I think I got these, please double check.
>
>3. The Username for SAML 1.1 Bearer Token, WSS 1.0 binding does not have
><u:Timestamp> in <wsse:Security> header. The response does not have
><o:Security> header.
>MG: Prateek can you take this one?

YES

>4. The Certificate for SAML 1.1 HoK Token, WSS 1.0 binding does not make
>much sense as the client does not prove possession of the X.509
>certificate private key to the STS when sending the RST.
>MG: I'm not sure how to address this. Prateek?

I will take a look at this.

>5. The Certificate for SAML 1.1 HoK Token, WSS 1.0 binding does not have
><u:Timestamp> in <wsse:Security> header. The response does not have
><o:Security> header.
>MG: Prateek can you take this one?

YES.

>6. Mutual Certificate, WSS1.1 binding in the message example has the
><e:ReferenceList> outside of <e:EncryptedKey> but it needs to be inside
><e:EncryptedKey> because the <EncryptedData> inside <soap-env:Body> does
>not have <KeyInfo>.
>MG: Done, please double check.
>
>7. Mutual Certificate, WSS 1.1 binding description should be updated
>because it does not use derived keys in the message examples but the
>description suggests usage of derived keys.
>MG: I need to look at this one more closely to get this right.
>
>8. The titles for SAML 1.1 client <-> service binding should be changed
>as follows:
>
>    1. Issued SAML 1.1 Token -> Issued SAML 1.1 Token for
>Certificate, WSS 1.0
>
>    2. Issued SAML 1.1 Token for Certificate -> Issued SAML 1.1
>Token for Certificate, WSS 1.1
>MG: Done
>
>9. Issued SAML 2.0 client <-> service binding does not have message
>samples
>MG: Prateek?

I will take a look at this. I am not sure we intended to add such a sample.

>10. Delegated SAML 2.0 with Certificate for SAML 2.0 HoK, WSS 1.1
>binding does not have <u:Timestamp> in <wsse:Security> header. The
>response does not have <o:Security> header.
>MG: Prateek?

Will add.

>Thanks,
>--Jan
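The structural problems raised in items 2, 3, 5, 6 and 10 of the thread can be checked mechanically over each sample message. The following is an added example, not code from the thread or from the scenarios document; the function names, finding codes and the message skeleton are constructed for illustration, and the checks are a simplification of the WSS processing rules.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
INTERIM_WSS11 = "http://docs.oasis-open.org/wss/2005/xx/"  # interim prefix from item 2.1


def lint_sample(xml_text):
    """Return sorted finding codes (hypothetical names) for one sample message."""
    findings = set()
    if INTERIM_WSS11 in xml_text:  # catches namespace declarations and @ValueType URIs
        findings.add("interim-wss11-uri")
    root = ET.fromstring(xml_text)
    security = root.find(f".//{{{WSSE}}}Security")
    if security is None:  # items 3, 5, 10: response without a Security header
        return sorted(findings | {"no-security-header"})
    if security.find(f"{{{WSU}}}Timestamp") is None:
        findings.add("no-timestamp")
    # Item 6: collect Ids referenced by a ReferenceList nested in an EncryptedKey.
    covered = set()
    for key in security.iter(f"{{{XENC}}}EncryptedKey"):
        for ref in key.iterfind(f"{{{XENC}}}ReferenceList/{{{XENC}}}DataReference"):
            covered.add(ref.get("URI", "").lstrip("#"))
    # EncryptedData with no KeyInfo of its own must be in that set, otherwise the
    # receiver cannot tell which key decrypts it.
    for data in root.iter(f"{{{XENC}}}EncryptedData"):
        if data.find(f"{{{DSIG}}}KeyInfo") is None and data.get("Id") not in covered:
            findings.add("encrypteddata-without-key")
    return sorted(findings)


def sample(reflist_inside_key):
    """Constructed message skeleton, not taken from the scenarios document."""
    ref = '<e:ReferenceList><e:DataReference URI="#ed1"/></e:ReferenceList>'
    inside, outside = (ref, "") if reflist_inside_key else ("", ref)
    return (
        f'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        f'xmlns:e="{XENC}" xmlns:o="{WSSE}" xmlns:u="{WSU}"><s:Header><o:Security>'
        f"<u:Timestamp/><e:EncryptedKey>{inside}</e:EncryptedKey>{outside}"
        f'</o:Security></s:Header><s:Body><e:EncryptedData Id="ed1"/></s:Body>'
        f"</s:Envelope>"
    )


if __name__ == "__main__":
    print(lint_sample(sample(False)))  # ReferenceList beside EncryptedKey
    print(lint_sample(sample(True)))   # ReferenceList inside EncryptedKey
```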