[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: recursive Security Token References
Section 7 of the core specification goes into great details on the concept of Token references, but it does not appear to address the concept of a token reference referencing another token reference (e.g. an indirect reference). I think that at the absolute minimum there should be a statement about this case, perhaps saying it is out of scope for the specification -- although I would rather see this situation addressed. My recommendation would be add some discussion within section 7.2 (Direct References) pointing out that such a reference could be a reference to another STR which should be de-referenced. For example, add the following to the discussion about the @URI attribute: The URI may point also point to an STR which should be dereferenced in order to get to the actual token. In such case the ValueType should be set to "#STR". We have found a need to refer to a reference in the case where we have messages that may pass round the same token in multiple locations within a message and the ability to refer to the other location is very useful -- especially in the case where one of the STRs is an embedded token and other STRs refer to the embedded token itself. Apologies if I've missed the discussion on this capability somewhere in the doc. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]