Subject: RE: [wss] New Issue: SecurityTokenReference/Reference/@ValueType Attribute
- From: "Eric Gravengaard" <eric@reactivity.com>
- To: <wss@lists.oasis-open.org>
- Date: Tue, 18 Nov 2003 09:49:30 -0800
On behalf of Grant Goodale:

I found these two attributes a bit confusing as well. In particular, the implied difference between "normal" and local URIs seems out of place. My interpretation was that either

a) the ValueType attribute of the Reference element was intended for use in a SecurityTokenReference referring to a token other than a BinarySecurityToken,
b) when referring to a BinarySecurityToken, the ValueType attribute of the Reference element should contain a value indicating as such rather than a value indicating the "value space" of the data contained within the referenced BinarySecurityToken, or
c) there exists some issue with the resolution of local URIs during processing that this attribute was intended to address.

Regards,
Grant

Section 7.2 Direct References of Web Services Security: SOAP Message Security Working Draft 17, Wednesday, 27 August 2003 states:

"/wsse:SecurityTokenReference/Reference/@ValueType
This optional attribute specifies a QName that is used to identify the type of token being referenced (see <wsse:BinarySecurityToken>). This specification does not define any processing rules around the usage of this attribute, however, specifications for individual token types MAY define specific processing rules and semantics around the value of the URI and how it SHALL be interpreted. If this attribute is not present, the URI SHALL be processed as a normal URI. The usage of ValueType is RECOMMENDED for local URIs."

Section 6.3.2 Encoding Binary Security Tokens of Web Services Security: SOAP Message Security Working Draft 17, Wednesday, 27 August 2003 states:

"/wsse:BinarySecurityToken/@ValueType
The ValueType attribute is used to indicate the "value space" of the encoded binary data (e.g. an X.509 certificate). The ValueType attribute allows a qualified name that defines the value type and space of the encoded binary data. This attribute is extensible using XML namespaces. Subsequent specifications MUST define the ValueType value for the tokens that they define. The usage of ValueType is RECOMMENDED."

The description of the SecurityTokenReference/Reference/@ValueType attribute would have been more understandable if it hadn't referenced the BinarySecurityToken. After reading that section, I am not sure I understand how these attributes differ in purpose. It seems odd that usage of the ValueType attribute would be recommended for both the wsse:BinarySecurityToken and the wsse:SecurityTokenReference that points to it.

My understanding is that the description of the SecurityTokenReference/Reference/@ValueType attribute is incorrect.

Thanks,
Mike