Subject: RE: [wss] Comments on SAML Token Profile
[Mike] My comment is based on the fact that, during the interop, in order for us (IBM) to implement dereferencing of local direct references, we had to modify code in what was the token independent portion of our implementation. We do not want to start a trend that requires us to update this common code every time we want to support a new token type. [\Mike]

Agreed, we should discuss this and the broader issue of whether complete genericity is possible at this level. I was objecting to linking an errata request for WSS 1.0 with the SAML Token profile. The two should be dealt with separately.

= prateek

> Thanks,
>
> Prateek Mishra
>
> From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
> Sent: Monday, June 21, 2004 2:39 PM
> To: wss@lists.oasis-open.org
> Subject: [wss] Comments on SAML Token Profile
>
> We ran into some inconsistencies while participating in the recent SAML interop.
> The WSS core specification describes a "Direct Reference" mechanism to be used with
> STRs. A Reference element with a URI attribute is used. When the referenced token
> is located within the Security header, the URI contains a shorthand XPointer
> reference to the token. In order for this to work, the token element must contain
> an attribute of type ID. WSS defines the wsu:Id attribute with type ID for naming
> the reference. Direct references within the message should not require token
> specific methods so we suggest the following actions be taken:
>
> 1) Errata to the WSS core to make it clear the tokens must have an attribute named wsu:Id.
> 2) Change to the SAML Token Profile to use a wsu:Id attribute or use a wsse:KeyIdentifier
>
> Anthony Nadalin | work 512.838.0085 | cell 512.289.4122
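
The dereferencing issue discussed in this thread, as an added example (not code from either poster or from IBM's implementation): a resolver for local direct references that knows only wsu:Id finds the binary token but not a SAML 1.x assertion, which carries its identifier in its own AssertionID attribute. The Security header, the ID values, and the extra_id_attrs parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
WSU_ID = "{%s}Id" % WSU

# Constructed Security header: one token named with wsu:Id, one SAML 1.x
# assertion named only by its own AssertionID attribute.
HEADER = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:saml="{SAML}">
  <wsse:BinarySecurityToken wsu:Id="tok-1">AAAA</wsse:BinarySecurityToken>
  <saml:Assertion AssertionID="saml-1" MajorVersion="1" MinorVersion="1"/>
  <wsse:SecurityTokenReference wsu:Id="str-1">
    <wsse:Reference URI="#tok-1"/>
  </wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference wsu:Id="str-2">
    <wsse:Reference URI="#saml-1"/>
  </wsse:SecurityTokenReference>
</wsse:Security>"""

def resolve_local(security, uri, extra_id_attrs=()):
    """Resolve a shorthand '#id' reference inside the Security header.

    Token-independent code knows only wsu:Id. extra_id_attrs (hypothetical
    parameter) models the per-token-type knowledge the thread wants to avoid.
    """
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError("not a local direct reference: %r" % uri)
    wanted = uri[1:]
    id_attrs = (WSU_ID,) + tuple(extra_id_attrs)
    hits = [el for el in security.iter()
            if any(el.get(a) == wanted for a in id_attrs)]
    if len(hits) > 1:  # an ambiguous ID must not be resolved silently
        raise ValueError("duplicate ID %r in Security header" % wanted)
    return hits[0] if hits else None

def resolve_all(extra_id_attrs=()):
    """Map each STR's wsu:Id to the tag of the token it resolves to (or None)."""
    security = ET.fromstring(HEADER)
    out = {}
    for s in security.findall("{%s}SecurityTokenReference" % WSSE):
        ref = s.find("{%s}Reference" % WSSE)
        target = resolve_local(security, ref.get("URI"), extra_id_attrs)
        out[s.get(WSU_ID)] = None if target is None else target.tag
    return out

if __name__ == "__main__":
    print(resolve_all())                  # generic resolver only
    print(resolve_all(("AssertionID",)))  # with the SAML-specific attribute added
```

Running it shows str-2 unresolved until the SAML-specific attribute name is passed in, which is the change to common code the thread describes.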