

Subject: RE: [wss] Comments on WSS-Core-01






OK, while I understand what is being said here, I still think that the
present wording explains this, so is there some proposed wording that folks
prefer?

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


From:    "Mishra, Prateek" <pmishra@netegrity.com>
Date:    10/02/2002 10:43 AM
To:      "'Hal Lockhart'" <hal.lockhart@entegrity.com>, "Mishra, Prateek" <pmishra@netegrity.com>, wss@lists.oasis-open.org
cc:
Subject: RE: [wss] Comments on WSS-Core-01




[Prateek Mishra]

Hal,

thanks for your clarification, which appears quite reasonable to me. However,
notice that the original text refers only to <wsse:SecurityTokenReference>
elements combined with signatures. Your clarification explains the more
general case of combining tokens of one sort or the other with signatures in
the <wss:Security> header. We should either generalize lines 733-735 or
explain why combining <wsse:SecurityTokenReference> with signatures has some
additional special meaning.


 > (4) lines 733 - 735: I could not follow the point made here at all.


 To make this easier to follow, the lines in question are:


 ----
 733 When an XML Signature is used in conjunction with the <wsse:SecurityTokenReference>
 734 element, the security token of a message signer may be correlated and a mapping made
 735 between the claims of the security token and the message as evaluated by the application.
 ----


 I believe the intention is that if the application receiving the message
 trusts the token, it is allowed to associate the claims in the token
 with the party that originated the signed message. However, the specific
 semantics applied depend implicitly on both the nature of the claims and
 the specific application (and hence the contents of the message). They are
 not explicitly indicated by the contents of the security header.


 Common cases would be:


 1. The message is some type of request and the claims describe the party
 making the request.


 2. The information in the message is asserted to be correct by the party
 described by the claims.


 3. The party described by the claims agrees to the contractual terms
 represented in the message.


 4. The claims describe the policy for any use or distribution of the
 information in the message.


 However, these are surely not exhaustive.


 Hal




