[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: keyIdentifier valuetypes of Username and X509 profiles are definedrelative to wsse schema
In its table 2 (beginning on line 177), the X509 profile defined token value types using URI fragment identifiers, relative to the URI for the containing specification (i.e the X509 profile). This approach ensures that the token value types include the version of the profile in their full URI. Conversely, the x509 token profile requires that a KeyIdentifier ValueType be specified and that it carry a core relative URI (i.e. wsse:X509SubjectKeyIdentifier) One of our goals was to be able to version profiles independent of the core. The choice of the core relative URI does not preclude independent profile versioning, it just complicates the recognition of the token profile version in the case of the profile version 1 X509 keyIdentifiers, since the version of the wsse schema must be interpretted to imply the version of the profile. The next version of the X509 profile could acheive independent versioning of keyIdentifier valueType by requiring the use of a profile relative fragment identifier for keyIdentifier ValueType. The USerName token profile prohibits the use of keyIdentifier's. However in its table beginning on line 242, and in contrast to the requirements of the X509 profile, it requires that (when specified) that token value type (in a direct reference) be specified using a core relative URI fragment identifier (i.e. wsse:UsernameToken) The next version of the USername token profile could acheive independent versioning of token valueType by defining a profile relative fragment identifier for Reference value type. To allow for simple and consistent core independent identification of token profile and version, both of the discussed used of value types (in all of the profiles) should be profile relative. Ron
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]