[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: editorial comments - X509 token profile draft 5
I have some editorial comments on the X509 token profile section 2.2 - update wsse, wsu namespaces Section 3. Do we need this section of Identification,Contact, Description, Updates? If so, it is missing from the Username profile. It seems better just to remove this. Section 3.2 proposal: "X.509 certificates can be conveyed in a ds:KeyInfo element, a BinarySecurityToken element, or referenced using a ds:X509IssuerSerial ds:KeyInfo element. When a ds:KeyInfo element is used, it is recommended that it be conveyed as a child of a wsse:Security element, whether to convey certificates or certificate references. When a certificate or certificate chain is conveyed, a wsse:BinarySecurityToken is recommended. This allows receivers to have a single processing model. The following values are defined for ..." (Does using certificate references require a ds:KeyInfo processing model anyway?) Section 3.3 Move 1st two paragraphs of 3.3.1 to 3.3, remove duplicate in 3.3.2. General text about use of SecurityTokenReference and scope regarding certificates. Section 3.3.2 Use preferred PKIPATH in example? regards, Frederick Frederick Hirsch Nokia Mobile Phones
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]