[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss-comment] recursive Security Token References
Anthony Nadalin wrote on 9/1/2005, 11:44 AM: > Referencing tokens is different than referencing the referencing > mechanism to reference tokens, the STR is there as a means to > reference tokens that closed content models, so it solves the issue of > being able to reference a security token. Not that I can parse that (can you say it 10 times in a row quickly?), but from what I can understand one of the envisioned uses for the STR and embedded tokens is to allow: the Signature within a wsse:Secuirty header refer's to the STR because there's some reason why the entity parsing the signature cannot easily refer directly to the token itself. (what you said was a "means [of] referencing tokens and key material that can't be referenced otherwise ". Now, elsewhere in the same message, we are saying that the entity parsing the message *WILL* be able to reference that token if they need to from within an STR. Those two statements just seem to conflict to me. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]