[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: new ISSUE: KRB% tokne profile use of Token Type
comments are wrt to the document at: http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15124/oasis-wss-kerberos-token-profile-1.1.pdf Section 3.2 refers to BinarySecurityTokens; where TokenType cannot be specified. Please revert recent change to yield the following. 157 3.2 Attaching Security Tokens 158 Kerberos tokens are attached to SOAP messages using WSS: SOAP Message Security by using 159 the <wsse:BinarySecurityToken> described in WSS: SOAP Message Security. When using 160 this element, the @ValueType and attribute MUST be specified. This 161 specification defines six values for this attribute as defined in the table below: -- Section 3.3 refers to the use of STR's to reference kerberos security tokens, and is the place where use of token type should be required. Lines 202-204 should be changed as follows: 202 When a Kerberos Token is referenced using <wsse:SecurityTokenReference> the @TokenType attribute MUST be specified, and its value must be the URI that identifies the Kerberos token type as defined for a corresponding BinarySecurityToken @ValueType attribute. The 203 Reference@ValueType attribute is not required. If specified, its value must be equivalent to that of the @TokenType attribute. the examples at lines 225-230 and at lines 249-254 should also be changed (as follows) to include the token type attribute. Note that independent of the use of the tokentype attribute, the reference@valuetype attribute at line 228 needs to reflect the token type (not the reference type). 225 <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasiswss- kerberos-token-profile-1.1#Kerberosv5_AP_REQ"> 226 <wsse:Reference URI="#MyToken" 227 ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token- 228 profile-1.1#Kerberosv5_AP_REQ"> 229 </wsse:Reference> 230 </wsse:SecurityTokenReference> 249 <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasiswss- kerberos-token-profile-1.1#Kerberosv5_AP_REQ"> 250 <wsse:KeyIdentifier ValueType="http://docs.oasis- 251 open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerb 252 erosv5APREQSHA1">GbsDt+WmD9XlnUUWbY/nhBveW8I= 253 </wsse:KeyIdentifier> 254 </wsse:SecurityTokenReference> The table heading at line 211. i.e., ReferenceIdentifier. perhaps should als be changed to KeyIdentifier.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]