[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss-comment] recursive Security Token References
Anthony Nadalin wrote on 9/1/2005, 11:44 AM:
> Referencing tokens is different than referencing the referencing
> mechanism to reference tokens, the STR is there as a means to
> reference tokens that closed content models, so it solves the issue of
> being able to reference a security token.
Not that I can parse that (can you say it 10 times in a row quickly?),
but from what I can understand one of the envisioned uses for the STR
and embedded tokens is to allow:
the Signature within a wsse:Secuirty header refer's to the
STR because there's some reason why the entity parsing the
signature cannot easily refer directly to the token itself.
(what you said was a "means [of] referencing tokens and key
material that can't be referenced otherwise ".
Now, elsewhere in the same message, we are saying that the entity
parsing the message *WILL* be able to reference that token if
they need to from within an STR.
Those two statements just seem to conflict to me.
Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]