Subject: Issue 101: Need additional SamlToken Assertion Elements for Holder-of-Key and Sender-Vouches


Issue 101.

-----Original Message-----
From: Rich Levinson [mailto:rich.levinson@oracle.com] 
Sent: Tuesday, August 08, 2006 6:25 PM
To: ws-sx@lists.oasis-open.org; Marc Goodner
Subject: NEW Issue: Need additional SamlToken Assertion Elements for
Holder-of-Key and Sender-Vouches

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE
ISSUE IS ASSIGNED A NUMBER.  
The issues coordinators will notify the list when that has occurred.

Protocol:  ws-sp

    http://www.oasis-open.org/committees/download.php/18837/ws-securitypolicy-1.2-spec-ed-01-r07.pdf

Artifact:  spec

Type:    design

Title:

    Need additional SamlToken Assertion Elements for Holder-of-Key and
Sender-Vouches

Description:

    Comparable to the level of granularity defined for UsernameToken
    Assertions (lines 854-861: NoPassword, HashPassword) and X509Token
    Assertions (lines 1004-1024: several token types), the SamlToken
    Assertion needs token types of sender-vouches and holder-of-key
    defined. As in the Username and X509 token cases, the WS 1.0 and
    WS 1.1 SAML Token Profiles identify these token types as explicit
    use cases that the profile supports.

    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf
        see line 495

    http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
        see line 672

Related issues:    None

Proposed Resolution:

    Add the following lines after line 1322 in section 5.3.8:

       /sp:SamlToken/wsp:Policy/sp:WssSamlHolderOfKey
          This optional element identifies that a SAML holder-of-key token
          should be used as defined in [WSS: SAML Token Profile 1.0, 1.1].

       /sp:SamlToken/wsp:Policy/sp:WssSamlSenderVouches
          This optional element identifies that a SAML sender-vouches token
          should be used as defined in [WSS: SAML Token Profile 1.0, 1.1].

    The above proposal would require 2 elements to fully define the
    required token. An alternative approach would be to explicitly define
    the 2 tokens for all 3 supported versions as follows:

       /sp:SamlToken/wsp:Policy/sp:WssSamlV11Token10HolderOfKey
          This optional element identifies that a SAML Version 1.1
          holder-of-key token should be used as defined in
          [WSS: SAML Token Profile 1.0].

       /sp:SamlToken/wsp:Policy/sp:WssSamlV11Token10SenderVouches
          This optional element identifies that a SAML Version 1.1
          sender-vouches token should be used as defined in
          [WSS: SAML Token Profile 1.0].

       /sp:SamlToken/wsp:Policy/sp:WssSamlV11Token11HolderOfKey
          This optional element identifies that a SAML Version 1.1
          holder-of-key token should be used as defined in
          [WSS: SAML Token Profile 1.1].

       /sp:SamlToken/wsp:Policy/sp:WssSamlV11Token11SenderVouches
          This optional element identifies that a SAML Version 1.1
          sender-vouches token should be used as defined in
          [WSS: SAML Token Profile 1.1].

       /sp:SamlToken/wsp:Policy/sp:WssSamlV20Token11HolderOfKey
          This optional element identifies that a SAML Version 2.0
          holder-of-key token should be used as defined in
          [WSS: SAML Token Profile 1.1].

       /sp:SamlToken/wsp:Policy/sp:WssSamlV20Token11SenderVouches
          This optional element identifies that a SAML Version 2.0
          sender-vouches token should be used as defined in
          [WSS: SAML Token Profile 1.1].
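How a policy consumer could enforce the proposed alternative elements, as an added example that is not part of the issue or of the WS-SecurityPolicy specification: it reads which subject-confirmation method the SamlToken assertion demands and rejects an incoming SAML assertion whose version or confirmation method does not match (a sender-vouches token offered where holder-of-key is required carries no key proof). The element names are the proposal's and remain hypothetical until adopted; the namespace URIs and confirmation-method URNs are those of WS-SecurityPolicy 1.2 and SAML 1.1/2.0, and the sample policy and assertion are constructed.

```python
# Added example, not from the issue or the WS-SecurityPolicy spec: map the proposed
# sp:WssSaml*HolderOfKey / *SenderVouches elements (hypothetical until adopted) to the
# SAML confirmation method they demand, then check an incoming assertion against it.
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SAML1, SAML2 = "urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion"
CM1, CM2 = "urn:oasis:names:tc:SAML:1.0:cm:", "urn:oasis:names:tc:SAML:2.0:cm:"
# Proposed policy element -> (SAML assertion version, SubjectConfirmation method URN)
PROPOSED = {
    "WssSamlV11Token10HolderOfKey": ("1.1", CM1 + "holder-of-key"),
    "WssSamlV11Token10SenderVouches": ("1.1", CM1 + "sender-vouches"),
    "WssSamlV11Token11HolderOfKey": ("1.1", CM1 + "holder-of-key"),
    "WssSamlV11Token11SenderVouches": ("1.1", CM1 + "sender-vouches"),
    "WssSamlV20Token11HolderOfKey": ("2.0", CM2 + "holder-of-key"),
    "WssSamlV20Token11SenderVouches": ("2.0", CM2 + "sender-vouches"),
}

def required_confirmation(policy_xml):
    # Walk /sp:SamlToken/wsp:Policy/* and return the first recognised requirement.
    for tok in ET.fromstring(policy_xml).iter(f"{{{SP}}}SamlToken"):
        for child in tok.iterfind(f"{{{WSP}}}Policy/*"):
            req = PROPOSED.get(child.tag.rsplit("}", 1)[-1])
            if req:
                return req
    return None

def assertion_confirmation(assertion_xml):
    # SAML 1.1 carries the method as element text; SAML 2.0 as a Method attribute.
    root = ET.fromstring(assertion_xml)
    if root.tag == f"{{{SAML1}}}Assertion":
        cm = root.find(f".//{{{SAML1}}}SubjectConfirmation/{{{SAML1}}}ConfirmationMethod")
        return ("1.1", cm.text.strip()) if cm is not None and cm.text else None
    if root.tag == f"{{{SAML2}}}Assertion":
        sc = root.find(f".//{{{SAML2}}}SubjectConfirmation")
        return ("2.0", sc.get("Method")) if sc is not None else None
    return None

def token_satisfies_policy(policy_xml, assertion_xml):
    # Reject unless both the SAML version and the confirmation method match the policy.
    req = required_confirmation(policy_xml)
    return req is not None and assertion_confirmation(assertion_xml) == req

# Constructed sample policy demanding a SAML 2.0 holder-of-key token.
POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><sp:SamlToken>
  <wsp:Policy><sp:WssSamlV20Token11HolderOfKey/></wsp:Policy></sp:SamlToken></wsp:Policy>"""
# Constructed SAML 2.0 assertion that only vouches for the subject (no key proof).
SV_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML2}" Version="2.0" ID="_a1"><saml:Subject>
  <saml:NameID>alice</saml:NameID>
  <saml:SubjectConfirmation Method="{CM2}sender-vouches"/></saml:Subject></saml:Assertion>"""
```

`token_satisfies_policy(POLICY, SV_ASSERTION)` returns False; the same assertion with a holder-of-key method passes, and a SAML 1.1 holder-of-key assertion fails on the version check.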
