Subject: RE: [ws-sx] Proposal for Issue 78


Hal,

As a friendly amendment to this proposal I suggest to change the
following:

When an SCT is referenced from outside the <Security> element, a message
independent referencing mechanism MUST be used, to enable a cleanly
layered processing model.

To:

When an SCT is referenced from outside the <Security> element, it is
RECOMMENDED to use a message independent referencing mechanism, to
enable a cleanly layered processing model.


The reason for this is that WSS and previous versions of WS-SC do not
prohibit using message-local referencing style from outside the security
header if the SCT is itself present in the message. By making this
requirement mandatory we can break existing implementations or dependent
protocols. I think that RECOMMENDED is more appropriate here for this
reason.

Does this make sense?

Thanks,
--Jan

-----Original Message-----
From: Hal Lockhart [mailto:hlockhar@bea.com] 
Sent: Tuesday, July 18, 2006 8:26 AM
To: ws-sx@lists.oasis-open.org
Subject: [ws-sx] Proposal for Issue 78

I propose replacing section 8 with:

-----
For a variety of reasons it may be necessary to reference a Security
Context Token. These references can be broken into two general
categories: references from within the <Security> element, generally
used to indicate the key used in a signature or encryption operation and
references from other parts of the SOAP envelope, for example to specify
a token to be used in some specified way. References within the
<Security> element can further be divided into references to an SCT found
within the message and references to an SCT not present in the
message.

The Security Context Token does not support references to it using key
identifiers or key names.  All references MUST either use an ID (to a
wsu:Id attribute) or a <wsse:Reference> to the <wsc:Identifier> element.



{Question: when the <wsc:Identifier> element value is used, is it
necessary to also specify the <wsc:Instance> element value, if present
to disambiguate the key?}


References using an ID are message-specific. References using the
<wsc:Identifier> element value are message independent.

When an SCT is referenced from outside the <Security> element, a message
independent referencing mechanism MUST be used, to enable a cleanly
layered processing model.

When an SCT is referenced from within the <Security> element, but the
SCT is not present in the message (presumably because it was
transmitted in a previous message), a message independent referencing
mechanism MUST be used.

When the SCT is referenced from within the <Security> element and is
present in the message, a message-specific referencing mechanism MAY be
used.


[examples]
----

Note the second paragraph is copied from lines 144-146. I suggest
deleting these.

Hal

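The referencing rules proposed in this thread, as an added example that is not code from the thread or from any OASIS specification: a Python check that classifies each SecurityTokenReference to an SCT as message-specific (an ID reference to a wsu:Id) or message-independent (a reference to the wsc:Identifier value), determines whether the reference sits inside <Security>, and applies the three rules, using Jan's RECOMMENDED for references from outside <Security> by default and Hal's MUST when asked. The namespace URIs, the ids and the sample envelope are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions for this constructed sample.
NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsc": "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512",
}
SECURITY = "{%s}Security" % NS["wsse"]

def check_sct_references(envelope_xml, outside_must=False):
    """Return (uri, inside_security, style, verdict) per SecurityTokenReference.
    outside_must=True enforces Hal's MUST outside <Security>; default is Jan's RECOMMENDED."""
    root = ET.fromstring(envelope_xml)
    parent = {child: p for p in root.iter() for child in p}
    ids_present = {sct.get("{%s}Id" % NS["wsu"])
                   for sct in root.iter("{%s}SecurityContextToken" % NS["wsc"])}
    findings = []
    for str_el in root.iter("{%s}SecurityTokenReference" % NS["wsse"]):
        ref = str_el.find("wsse:Reference", NS)
        if ref is None:  # SCTs support neither key identifiers nor key names
            findings.append(("<none>", None, "unsupported", "ERROR"))
            continue
        uri = ref.get("URI", "")
        style = "message-specific" if uri.startswith("#") else "message-independent"
        inside, node = False, str_el
        while node in parent:  # walk up to see whether we are under <Security>
            node = parent[node]
            inside = inside or node.tag == SECURITY
        if style == "message-independent":
            verdict = "OK"        # allowed everywhere; the SCT may be absent
        elif not inside:
            verdict = "ERROR" if outside_must else "WARNING"
        elif uri[1:] in ids_present:
            verdict = "OK"        # inside <Security> and SCT present: MAY use an ID
        else:
            verdict = "ERROR"     # ID reference to an SCT not present in the message
        findings.append((uri, inside, style, verdict))
    return findings

# Constructed sample: one SCT in <Security>, three references to SCTs.
SAMPLE = """<S:Envelope xmlns:S="%(S)s" xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s" xmlns:wsc="%(wsc)s">
 <S:Header><wsse:Security>
  <wsc:SecurityContextToken wsu:Id="sct1"><wsc:Identifier>urn:uuid:example-sct</wsc:Identifier></wsc:SecurityContextToken>
  <wsse:SecurityTokenReference><wsse:Reference URI="#sct1"/></wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference><wsse:Reference URI="urn:uuid:absent-sct"/></wsse:SecurityTokenReference>
 </wsse:Security></S:Header>
 <S:Body><wsse:SecurityTokenReference><wsse:Reference URI="#sct1"/></wsse:SecurityTokenReference></S:Body>
</S:Envelope>""" % NS
```

Running `check_sct_references(SAMPLE)` flags only the ID reference in the Body, and `outside_must=True` turns that WARNING into an ERROR.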