security-services message



Subject: Re: [security-services] New Issue: AssertionID/WSS Direct reference compatibility




Greg Whitehead wrote:

>> The short term work-around for that problem is to use a 
>> KeyIdentifier, ultimately
>> the solution may be to evolve both WSS and the token schema ids to 
>> match the outcome
>> of the xml:id activity (which will not require encapsulation).
>
>
> How would KeyIdentifier work? If you mean that we can just define our 
> own STR mechanism that works with our ID, that sounds best, but I 
> didn't think that was an option.


A KID is an alternative to a direct STR reference.
The value of the KID is the AssertionID, as indicated by the ValueType
attribute of the KID.

<STR wsu:Id="...">
  <KID wsu:Id="..." ValueType="...#/SAMLAssertionID">
    value
  </KID>
</STR>

I would prefer that we be able to use our id in a local direct 
reference, but given
that that has been prohibited, we should be able to use KIDs until this 
stuff sorts out.

Version 14 of the STP was changed to use KIDs in place of Direct (local) 
refs.

http://www.oasis-open.org/apps/org/workgroup/wss/download.php/7707/WSS-SAML-14.pdf

Ron

>
> -Greg
>

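The resolution step Ron sketches above, as an added example that is not part of this thread: an STR carrying a KeyIdentifier whose ValueType says "this is a SAML AssertionID" is matched against the AssertionID attribute of an assertion in the same Security header, not against a wsu:Id or xml:id (which a SAML 1.x assertion does not carry). The namespace and ValueType URIs are taken from WSS 1.0 / SAML 1.1 as I recall them and the message is constructed; treat both as assumptions to check against the spec you target.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as published for WSS 1.0 and SAML 1.1 (assumed; verify against your spec).
NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
SAML_ASSERTION_ID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID"

# Constructed sample: one SAML 1.1 assertion in the Security header and an STR that
# points at it through a KeyIdentifier instead of a local direct (URI="#...") reference.
SAMPLE = f"""<wsse:Security xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion AssertionID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc" Issuer="example.org"/>
  <wsse:SecurityTokenReference wsu:Id="STR-1">
    <wsse:KeyIdentifier wsu:Id="KID-1" ValueType="{SAML_ASSERTION_ID}">_a75adf55-01d7-40cc-929f-dbd8372ebdfc</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
</wsse:Security>"""


def resolve_str(security, str_id):
    """Return the saml:Assertion referenced by the STR whose wsu:Id equals str_id, or None."""
    wsu_id = f"{{{NS['wsu']}}}Id"
    for str_el in security.iter(f"{{{NS['wsse']}}}SecurityTokenReference"):
        if str_el.get(wsu_id) != str_id:
            continue
        kid = str_el.find("wsse:KeyIdentifier", NS)
        # Only a KeyIdentifier of the SAMLAssertionID ValueType is handled here; any other
        # reference form (including a direct wsse:Reference) is reported as unresolved.
        if kid is None or kid.get("ValueType") != SAML_ASSERTION_ID:
            return None
        wanted = (kid.text or "").strip()
        # Match on the token's own AssertionID attribute, not on a wsu:Id / xml:id.
        for assertion in security.iter(f"{{{NS['saml']}}}Assertion"):
            if assertion.get("AssertionID") == wanted:
                return assertion
        return None
    return None


def resolve_sample(str_id="STR-1"):
    """Resolve an STR in the constructed SAMPLE and return the matched AssertionID (or None)."""
    assertion = resolve_str(ET.fromstring(SAMPLE), str_id)
    return assertion.get("AssertionID") if assertion is not None else None
```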

