Subject: RE: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vs RFC 4120


Martin:

I would also concur.

Duane 

-----Original Message-----
From: Martin Gudgin [mailto:mgudgin@microsoft.com] 
Sent: Tuesday, September 20, 2005 7:42 AM
To: Ronald.Monzillo@Sun.COM
Cc: wss@lists.oasis-open.org
Subject: RE: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and
RFC1510 vs RFC 4120

Ron,

Sorry, I've just found this... I think I agree that we need to say
something about wsse11:TokenType.

Regarding whether we define values for ValueType, I think it depends on
whether you think 1.1 token types can be used with WSS 1.0.  

Gudge

> -----Original Message-----
> From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM] 
> Sent: 06 September 2005 09:16
> To: Martin Gudgin
> Cc: wss@lists.oasis-open.org
> Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token 
> Profile and RFC1510 vs RFC 4120
> 
> Martin,
> 
> Does the Krb5 token profile require that 1.1 message senders set the
> wsse:TokenType attribute in STR values?
> 
> Note that in lines 924 to 928 of the core we recommended that use of
> the Reference:ValueType attribute to identify the type of a referenced
> token be discontinued (and that new profiles should employ the TokenType
> attribute for this purpose).
> 
> We expect that this may be an evolutionary process, where for some time,
> the ValueType attribute may continue to be used in addition to the
> TokenType attribute.
> 
> Since the Krb5 profile is being standardized by 1.1, it would seem that
> we could do without specifying new values to be included in ValueType,
> and that these new token type identifying values could and should be
> introduced as TokenType values.
> 
> Ron
> 
> 
> 
> Martin Gudgin wrote:
> > Having surveyed the vast array of interop participants I believe we have
> > two possible courses of action;
> > 
> > 
> > 1.	Do nothing.
> > 
> > 2.	Update the Kerberos Token Profile by making the following
> > changes;
> > 
> > 	a) Add a reference to RFC4120 to Section 5.
> > 
> > 	b) Add 4 URIs to the table in Section 3.2 as follows
> > 
> > URI:
> > http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ1510
> > Description: Kerberos v5 AP-REQ as defined in RFC1510. This ValueType is
> > used when the ticket is an AP Request per RFC1510
> > 
> > URI:
> > http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
> > Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
> > specification. This ValueType is used when the ticket is an AP Request
> > (ST + Authenticator) per RFC1510.
> > 
> > URI:
> > http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ4120
> > Description: Kerberos v5 AP-REQ as defined in RFC4120. This ValueType is
> > used when the ticket is an AP Request per RFC4120
> > 
> > URI:
> > http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ4120
> > Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
> > specification. This ValueType is used when the ticket is an AP Request
> > (ST + Authenticator) per RFC4120.
> > 
> > 	c) Amend the descriptions of the first URI currently in Section
> > 3.2 as follows;
> > 
> > URI:
> > http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ
> > Description: Kerberos v5 AP-REQ as defined in either RFC1510 and
> > RFC4120. This ValueType is used when the ticket is an AP Request.
> > 
> > 
> > Regards
> > 
> > Gudge	
> 
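
An added example, not part of the thread or of any OASIS text: one way a receiver could resolve the Kerberos token type of a SecurityTokenReference while both attributes are in use, preferring wsse11:TokenType and falling back to Reference/@ValueType. The type URIs are the draft ones proposed in the quoted message (with their "xx" placeholders); the namespace URIs, the function names, and the choice to reject disagreeing attributes are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the published WSS 1.0/1.1 schemas (assumption: not stated in the thread).
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
# Draft base URI exactly as quoted in the thread, "xx" placeholders included.
KRB = "http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#"
# URI fragment -> RFC(s) it covers, per the proposal in the thread.
KRB_TYPES = {
    "Kerberosv5_AP_REQ": {"RFC1510", "RFC4120"},
    "Kerberosv5_AP_REQ1510": {"RFC1510"},
    "GSS_Kerberosv5_AP_REQ1510": {"RFC1510"},
    "Kerberosv5_AP_REQ4120": {"RFC4120"},
    "GSS_Kerberosv5_AP_REQ4120": {"RFC4120"},
}

def resolve_krb_token_type(str_xml):
    """Return (fragment, rfcs, source) for a wsse:SecurityTokenReference.

    Raises ValueError when the type is missing or unknown, or when
    TokenType and ValueType are both present and disagree (assumed policy).
    """
    str_el = ET.fromstring(str_xml)
    if str_el.tag != f"{{{WSSE}}}SecurityTokenReference":
        raise ValueError("not a SecurityTokenReference")
    token_type = str_el.get(f"{{{WSSE11}}}TokenType")
    ref = str_el.find(f"{{{WSSE}}}Reference")
    value_type = ref.get("ValueType") if ref is not None else None
    if token_type and value_type and token_type != value_type:
        raise ValueError("TokenType and ValueType disagree")
    # Prefer the 1.1 attribute; fall back to the older ValueType.
    uri, source = (token_type, "TokenType") if token_type else (value_type, "ValueType")
    if not uri:
        raise ValueError("token type not declared")
    if not uri.startswith(KRB) or uri[len(KRB):] not in KRB_TYPES:
        raise ValueError("not a known Kerberos token type")
    frag = uri[len(KRB):]
    return frag, KRB_TYPES[frag], source

def make_str(token_type=None, value_type=None):
    """Build a constructed sample STR for exercising the resolver."""
    tt = f' wsse11:TokenType="{token_type}"' if token_type else ""
    vt = f' ValueType="{value_type}"' if value_type else ""
    return (f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE}" xmlns:wsse11="{WSSE11}"{tt}>'
            f'<wsse:Reference URI="#krb-token"{vt}/></wsse:SecurityTokenReference>')
```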
