[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: wsse:Embedded
I have some questions on Embedded References in section 7.4 of the core.
The definition of the wsu:Id attribute of the wsse:Embedded element is "An
optional string reference for this element". This says to me that the
wsu:Id refers to the wsse:Embedded element itself. However, the example
indicates that the wsu:Id refers to the element pointed to, with the further
assumption that tok1 is local.
I thought that the main idea of Embedded was to have the token literally in
the STR. Wouldn't a better example be: (or am I mis-understanding the
purpose of the embedded element.)
<S:Envelope>
<S:Header>
<wsse:Security>
...
<wsse:SecurityTokenReference>
<wsse:Embedded>
<saml:Assertion ...>
...
</saml:Assertion>
</wsse:Embedded>
</wsse:SecurityTokenReference>
...
The way Embedded is used in the example in the core document (lines 734 to
735) seems to me to be better represented by using the KeyIdentifer. Also,
lines 730 and 733 use the element KeyIdentifer.
Don
====================
Donald Flinn
Managing Partner
Flint Security
Phone: (781) 856-7230
e-mail: flinn@alum.mit.edu
Web Page: http://dflinn.home.attbi.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]