OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Groups - WSS-SAML-08.pdf uploaded

Ron,

I have a couple of comments on the WS-SAML profile spec
that I would like you to consider. They all have to do with
whether the examples are in synch with the intended
statements in the specification sections (page and line numbers
refer to the merged version of the WS-SAML profile spec. Note there 
are also some line number references to the WS-Core spec which
contains related information to some of the comments)

	1 Should the STR dereference transform as described in
	  section 3.3.3 (p12 line 384-387) be used in the 
	  sender-vouches scenario in section 3.4.2.3 (p. 19
	  lines 702-707)? I guess this also raises the question
	  of whether the saml assertion should stand alone in
	  the wsse:Security header or be embedded as suggested
	  in the WS-Core spec (12/29 merged version lines 778-788).

	2 Based on the use of prepending (p 14 lines 460-464):
	  for the hk example (p 15-17), should the Signature come
	  first according to the prepending rules? Since one would
	  probably first put the assertion in the header, then do 
	  the signing which refers to the assertion in the KeyInfo
	  (p 16 lines 573-578), and since the signing came last the 
	  prepending rule I assume would dictate that the signature should 
	  appear first in the wsse:Security header.

	  NOTE: I'm not 100% sure of this because even in the WS-core spec
	  (12/29 rev) the prepending rule for sigs (p 30 line 916) seems
	  to be in conflict with the example (p41-42 lines 1336-1346
(005-012))
	  where those elements (Timestamp and BinarySecurityToken) are
	  referenced by the Signature (lines 1370 (031), 1396 (053)).

	3 Similarly, the Signature (p 19 lines 696-720) in the
sender-vouches 
	  case probably should appear first in the wsse:Security element
	  (p 18 line 639), assuming my interpretation of prepending is
correct.

	Thanks,

	Rich Levinson


-----Original Message-----
From: ronald.monzillo@sun.com [mailto:ronald.monzillo@sun.com] 
Sent: Tuesday, December 16, 2003 10:32 AM
To: wss@lists.oasis-open.org
Subject: [wss] Groups - WSS-SAML-08.pdf uploaded


The document WSS-SAML-08.pdf has been submitted by ronald monzillo
(ronald.monzillo@sun.com) to the OASIS Web Services Security TC document
repository.

Document Description:


Download Document:  
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/4534/WSS-SAML-
08.pdf

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/wss/document.php?document_id=45
34


PLEASE NOTE:  If the above links do not work for you, your email application
may be breaking the link into two pieces.  You may be able to copy and paste
the entire link address into the address field of your web browser.



To unsubscribe from this mailing list (and be removed from the roster of the
OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php
.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]