Subject: new ISSUE: KRB5 token profile use of Token Type


Comments are wrt the document at:

http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15124/oasis-wss-kerberos-token-profile-1.1.pdf


Section 3.2 refers to BinarySecurityTokens, where TokenType cannot be
specified. Please revert the recent change to yield the following.

157 3.2 Attaching Security Tokens

158 Kerberos tokens are attached to SOAP messages using WSS: SOAP
Message Security by using
159 the <wsse:BinarySecurityToken> described in WSS: SOAP Message
Security. When using
160 this element, the @ValueType and attribute MUST be specified. This
161 specification defines six values for this attribute as defined in
the table below:

-- 
	
Section 3.3 refers to the use of STRs to reference Kerberos security
tokens, and is the place where use of token type should be required.

Lines 202-204 should be changed as follows:

202 When a Kerberos Token is referenced using
<wsse:SecurityTokenReference> the @TokenType attribute MUST be
specified, and its value must be the URI that identifies the Kerberos
token type as defined for a corresponding BinarySecurityToken @ValueType
attribute. The
203 Reference@ValueType attribute is not required. If specified, its
value must
be equivalent to that of the @TokenType attribute.

The examples at lines 225-230 and at lines 249-254 should also be
changed (as follows) to include the token type attribute. Note that,
independent of the use of the tokentype attribute, the
reference@valuetype attribute at line 228 needs to reflect the
token type (not the reference type).

225 <wsse:SecurityTokenReference
wsse11:TokenType="http://docs.oasis-open.org/wss/oasiswss-
kerberos-token-profile-1.1#Kerberosv5_AP_REQ">
226 <wsse:Reference URI="#MyToken"
227 ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-
228 profile-1.1#Kerberosv5_AP_REQ">
229 </wsse:Reference>
230 </wsse:SecurityTokenReference>

249 <wsse:SecurityTokenReference
wsse11:TokenType="http://docs.oasis-open.org/wss/oasiswss-
kerberos-token-profile-1.1#Kerberosv5_AP_REQ">
250 <wsse:KeyIdentifier ValueType="http://docs.oasis-
251 open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerb
252 erosv5APREQSHA1">GbsDt+WmD9XlnUUWbY/nhBveW8I=
253 </wsse:KeyIdentifier>
254 </wsse:SecurityTokenReference>

The table heading at line 211, i.e., ReferenceIdentifier, perhaps should
also be changed to KeyIdentifier.
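
The rule proposed above for lines 202-204, written as a receiver-side check; this is an added example, not part of the original message or of the specification. The function name `check_kerberos_strs`, the constructed sample header and the placeholder `urn:example:reference-type` are assumptions, and the Kerberos URI is spelled as in the Reference@ValueType example above.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted input

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
KRB_PREFIX = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#"
AP_REQ = KRB_PREFIX + "Kerberosv5_AP_REQ"

def check_kerberos_strs(security_xml):
    """Return (STR index, problem) pairs for STRs that reference Kerberos tokens."""
    root = ET.fromstring(security_xml)
    # Index attached tokens by wsu:Id so local "#MyToken" references resolve.
    tokens = {t.get(f"{{{WSU}}}Id"): t.get("ValueType", "")
              for t in root.iter(f"{{{WSSE}}}BinarySecurityToken")}
    findings = []
    for i, str_el in enumerate(root.iter(f"{{{WSSE}}}SecurityTokenReference")):
        ref = str_el.find(f"{{{WSSE}}}Reference")
        if ref is None:
            continue  # KeyIdentifier references are not covered by this sketch
        uri = ref.get("URI", "")
        bst_type = tokens.get(uri[1:]) if uri.startswith("#") else None
        if bst_type is None or not bst_type.startswith(KRB_PREFIX):
            continue  # unresolved, or the referenced token is not Kerberos
        token_type = str_el.get(f"{{{WSSE11}}}TokenType")
        if token_type is None:
            findings.append((i, "missing wsse11:TokenType"))
        elif token_type != bst_type:
            findings.append((i, "TokenType differs from BinarySecurityToken ValueType"))
        ref_type = ref.get("ValueType")  # optional, but must match if present
        if token_type is not None and ref_type is not None and ref_type != token_type:
            findings.append((i, "Reference ValueType differs from TokenType"))
    return findings

# Constructed sample: one compliant STR, one without TokenType, and one whose
# Reference ValueType carries a reference type instead of the token type.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsse11="{WSSE11}" xmlns:wsu="{WSU}">
  <wsse:BinarySecurityToken wsu:Id="MyToken" ValueType="{AP_REQ}">AAAA</wsse:BinarySecurityToken>
  <wsse:SecurityTokenReference wsse11:TokenType="{AP_REQ}">
    <wsse:Reference URI="#MyToken" ValueType="{AP_REQ}"/>
  </wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference>
    <wsse:Reference URI="#MyToken"/>
  </wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference wsse11:TokenType="{AP_REQ}">
    <wsse:Reference URI="#MyToken" ValueType="urn:example:reference-type"/>
  </wsse:SecurityTokenReference>
</wsse:Security>"""

if __name__ == "__main__":
    for index, problem in check_kerberos_strs(SAMPLE):
        print(f"STR #{index}: {problem}")
```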