Subject: RE: [wss] Comments on Sender-Vouches-Signed section in SAML Interop draft
Hi Ron,

It should be the document and not the schemas URI. The right one is indeed:

http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transfrom

Thanks for the clarification.

--ms

-----Original Message-----
From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM]
Sent: Thursday, March 25, 2004 7:40 AM
To: Maneesh Sahu
Cc: Levinson, Richard; wss@lists.oasis-open.org
Subject: Re: [wss] Comments on Sender-Vouches-Signed section in SAML Interop draft

Maneesh et al.,

You have found a problem in the STP, but the core document says:

"This transform is specified by the URI #STR-Transform (Note that URI fragments are relative to 972 this document's URI) 973"

So is the correct URI based on the schema or the document? You chose to base it off the schema. Should it be, or am I taking the lines 972 too literally?

http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transfrom

Ron

Maneesh Sahu wrote:

> Rich,
>
> Another update required in the "WSS:SAML Token Profile" and the "WSS:
> SAML Interop 1 Scenarios" documents is the algorithm name for the
> STR-Transform that goes into the dsig:Transform Algorithm attribute
> value. The SAML documents list the algorithm as
> http://schemas.xmlsoap.org/ws/2003/06/STR-Transform in the examples.
>
> The WSS Soap Message Security document however recommends:
> http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#STR-Transform
>
> --ms
>
> ------------------------------------------------------------------------
>
> From: Levinson, Richard [mailto:rlevinson@netegrity.com]
> Sent: Tuesday, March 23, 2004 10:46 AM
> To: Maneesh Sahu; wss@lists.oasis-open.org
> Subject: RE: [wss] Comments on Sender-Vouches-Signed section in SAML
> Interop draft
>
> Maneesh,
>
> Thank you for calling my attention to your earlier email at today's
> meeting. I had missed it earlier.
>
> In any event, you are correct on all 3 comments. The first (rsa-sha1) and
> third (#attesterCert) are simply typos that should be corrected.
>
> The 2nd comment (STR-Transform) is redundant as you indicate,
> however, it was derived from the SAML profile document,
> which used the STR to reference an external assertion.
> Also, it is intended to be demonstrative of using the
> STR to reference assertions, and its redundancy should not
> interfere with operation: i.e. a message should not be rejected,
> in general, as long as it is compliant with the WS-Security spec,
> and associated token profile.
>
> I will hold off updating the spec with the typo fixes for a couple
> of weeks to see if additional comments come in.
>
> Thanks,
>
> Rich Levinson
>
> ------------------------------------------------------------------------
>
> From: Maneesh Sahu [mailto:maneesh@westbridgetech.com]
> Sent: Thursday, February 05, 2004 8:09 PM
> To: wss@lists.oasis-open.org
> Subject: [wss] Comments on Sender-Vouches-Signed section in SAML
> Interop draft
>
> Hi,
>
> I have a few comments and need some clarifications on the example
> provided with the sender-vouches:signed section:
>
> Page 25
>
> Line 688: Shouldn't the signature method be rsa-sha1 instead of
> hmac-sha1 ?
>
> Line 691: For sender-vouches, the STR-Transform may be a bit
> redundant. It may be useful for holder-of-key where the assertions
> are immutable and need to be referenced differently.
>
> Line 708: Shouldn't the reference URI be #attesterCert instead of
> attesterCert ?
>
> Apologies if these issues have been tackled earlier...this is my
> first day on the group.
>
> --ms
>
> Maneesh Sahu
>
> Westbridge Technology, Inc.