Subject: Proposal for Issue 298
I previously pointed out that while the core says that there are four types of STR reference and gives an order of preference for using them, the X.509 Token Profile defines a method (the use of ds:IssuerSerial within ds:X509Data as a direct child of wsse:SecurityTokenReference) which is not any of the four.

Based on a suggestion by Mike Macintosh, I proposed that we make this into a Key Identifier. However at the last TC meeting (7/13) it was pointed out that this would not work because X509Data was a complex type and this would result in a schema validation error.

After some discussion I believe the solution with the least impact is to add to the errata of the core a statement that "For the purposes of determining the order of preference of reference types, the use of IssuerSerial within X509Data should be considered to be a form of Key Identifier."

This involves no schema changes and does not invalidate the interop testing.

Hal