
Subject: Re: [wss] proposal for issue 250: add optional TokenType


Updated as we discussed in yesterday's meeting.

The proposal is to make the following changes in 1.1 core. The changes 
are described in the context of the draft of 1.1 core dated Dec. 13, and 
available at:

http://www.oasis-open.org/apps/org/workgroup/wss/download.php/10649/oasis-2004xx-wss-soap-message-security-1.1-changes.pdf

Ron

------

1. Add the following definition of the TokenType attribute (at 
approximately line 689) of the definition of the STR element

/wsse:SecurityTokenReference/@wsse:TokenType

This optional attribute is used to identify, by URI, the type of the 
referenced token.

This specification recommends that token specific profiles define 
appropriate token type identifying URI values, and that these same 
profiles require that these values be specified in the profile defined
reference forms.

When a TokenType attribute is specified in conjunction with a 
wsse:KeyIdentifier/@ValueType attribute or a wsse:Reference/@ValueType
attribute that indicates the type of the referenced token, the security 
token type identified by the TokenType attribute MUST be consistent with
the security token type identified by the ValueType attribute.

2. make the corresponding change to add the TokenType attribute to the 
1.1 schema.

3. the following sentence was recently added to the 
wsse:SecurityTokenReference/wsse:Reference/@ValueType attribute

>> The ValueType attribute is RECOMMENDED for BinarySecurityToken and 746
>> RECOMMENDED for Reference with non-local URI.
>  
>
I recommend that this sentence be replaced with:

The use of this attribute to identify the type of the referenced 
security token is deprecated. Profiles which require or
recommend the use of this attribute to identify the type of the 
referenced security token SHOULD evolve to require
or recommend the use of the wsse:SecurityTokenReference/@wsse:TokenType
attribute to identify the type of the referenced token.
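
The consistency rule in item 1 can be checked mechanically by a receiver. The following is an added example, not part of the original message or of the specification; the token type URIs and the ValueType-to-token-type table are constructed placeholders standing in for values a token profile would define, and the attribute is read as wsse:TokenType as written in the proposal.

```python
import xml.etree.ElementTree as ET

# wsse namespace of the 1.0 secext schema.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed placeholder URIs; real values are defined by token profiles.
TOKEN_A = "urn:example:profile-a#TokenA"
TOKEN_B = "urn:example:profile-b#TokenB"

# Hypothetical table: ValueType URIs that indicate a token type -> that type.
# ValueType URIs absent from the table say nothing about the token type.
VALUETYPE_IMPLIES = {
    TOKEN_A: TOKEN_A,
    "urn:example:profile-a#TokenAKeyId": TOKEN_A,
    TOKEN_B: TOKEN_B,
}

def check_str(xml_text):
    """Return inconsistency messages for one wsse:SecurityTokenReference."""
    # For untrusted input, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{WSSE}}}SecurityTokenReference":
        raise ValueError("not a wsse:SecurityTokenReference")
    token_type = root.get(f"{{{WSSE}}}TokenType")
    if token_type is None:
        return []  # TokenType is optional; nothing to compare against
    problems = []
    for name in ("Reference", "KeyIdentifier"):
        for child in root.findall(f"{{{WSSE}}}{name}"):
            implied = VALUETYPE_IMPLIES.get(child.get("ValueType"))
            if implied is not None and implied != token_type:
                problems.append(
                    f"wsse:{name}/@ValueType implies {implied}, "
                    f"but @wsse:TokenType is {token_type}")
    return problems

def make_str(token_type, child, value_type):
    """Build a constructed sample STR for the demonstration."""
    tt = f' wsse:TokenType="{token_type}"' if token_type else ""
    return (f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE}"{tt}>'
            f'<wsse:{child} ValueType="{value_type}"/>'
            f'</wsse:SecurityTokenReference>')

if __name__ == "__main__":
    print(check_str(make_str(TOKEN_A, "KeyIdentifier", "urn:example:profile-a#TokenAKeyId")))
    print(check_str(make_str(TOKEN_A, "Reference", TOKEN_B)))
```

A receiver that rejects any message for which this returns a non-empty list never has to decide which of the two conflicting attributes to trust.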
