Subject: RE: [wss] Groups - WSS-SAML-08.pdf uploaded
Ron,

I have a couple of comments on the WS-SAML profile spec that I would like you to consider. They all have to do with whether the examples are in synch with the intended statements in the specification sections (page and line numbers refer to the merged version of the WS-SAML profile spec. Note there are also some line number references to the WS-Core spec which contains related information to some of the comments).

1. Should the STR dereference transform as described in section 3.3.3 (p12 line 384-387) be used in the sender-vouches scenario in section 3.4.2.3 (p. 19 lines 702-707)? I guess this also raises the question of whether the saml assertion should stand alone in the wsse:Security header or be embedded as suggested in the WS-Core spec (12/29 merged version lines 778-788).

2. Based on the use of prepending (p 14 lines 460-464): for the hk example (p 15-17), should the Signature come first according to the prepending rules? Since one would probably first put the assertion in the header, then do the signing which refers to the assertion in the KeyInfo (p 16 lines 573-578), and since the signing came last the prepending rule I assume would dictate that the signature should appear first in the wsse:Security header.

   NOTE: I'm not 100% sure of this because even in the WS-core spec (12/29 rev) the prepending rule for sigs (p 30 line 916) seems to be in conflict with the example (p41-42 lines 1336-1346 (005-012)) where those elements (Timestamp and BinarySecurityToken) are referenced by the Signature (lines 1370 (031), 1396 (053)).

3. Similarly, the Signature (p 19 lines 696-720) in the sender-vouches case probably should appear first in the wsse:Security element (p 18 line 639), assuming my interpretation of prepending is correct.
Thanks,
Rich Levinson

-----Original Message-----
From: ronald.monzillo@sun.com [mailto:ronald.monzillo@sun.com]
Sent: Tuesday, December 16, 2003 10:32 AM
To: wss@lists.oasis-open.org
Subject: [wss] Groups - WSS-SAML-08.pdf uploaded

The document WSS-SAML-08.pdf has been submitted by ronald monzillo (ronald.monzillo@sun.com) to the OASIS Web Services Security TC document repository.

Document Description:

Download Document:
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/4534/WSS-SAML-08.pdf

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/wss/document.php?document_id=4534

PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser.

To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php.