[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Representing requestor's identity
John, Can you identify the specific XAdES attributes that you think are relevant. If relevant WSS token can be used as a type of object in the supporting data. However, Trevor raised a valid question as to whether carring a WSS Token within the Signature is appropriate. String name is an example of requestor identity with no type. Nick > -----Original Message----- > From: jmessing [mailto:jmessing@law-on-line.com] > Sent: 20 May 2003 17:15 > To: dss@lists.oasis-open.org > Subject: RE: [dss] Representing requestor's identity > > > > I would think that the attributes contained in the contribution > from you and Nick should be added as a possible source for other > information supporting the name. The three mentioned in that > paragraph should not be exclusive. Any method should be > supported, even ones that we do not know about today, if we are > simply describing methods of authentication or supplemental > information about it. > > Also, in the first part, where is a WSS security token and string > name? Are we back to SAML again? I thought we had resolved that issue. > > ---------- Original Message ---------------------------------- > From: Juan Carlos Cruellas <cruellas@ac.upc.es> > Date: Tue, 20 May 2003 16:26:25 +0200 > > >Dear all, > > > >One of the issues that we should try to deal with during these > days is the > >issue of representing requestor's identity and how this should > be included > >in the requirements document. > >So far the latest version of teh requireements document says in its 3.2.1 > >section: > > > >"If the server is not signing with a key specific to the requestor, then > >the server might want to > >represent the requestor's name, and possibly details of how the requestor > >authenticated, in a 205 > >signed attribute. We will define an XML element for this purpose, which > >will contain: 206 > >• Requestor Name (in a type/value format such as a SAML > NameIdentifier) 207 > >• (Optionally) Information supporting the name (such as a SAML Assertion, > >Liberty Alliance 208 > >Authentication Context, or X.509 Certificate)" > > > >Does this constitute a basis for reaching a consensus or is there anyone > >thinking that > >something should be changed or added? > > > > > >Juan Carlos. > > > > > > > >You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php > > You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]