Subject: Re: [security-services] New Issue: AssertionID/WSS Direct reference compatibility
Greg Whitehead wrote:

>> The short term work-around for that problem is to use a
>> KeyIdentifier, ultimately
>> the solution may be to evolve both WSS and the token schema ids to
>> match the outcome
>> of the xml:id activity (which will not require encapsulation).
>
> How would KeyIdentifier work? If you mean that we can just define our
> own STR mechanism that works with our ID, that sounds best, but I
> didn't think that was an option.

A KID is an alternative to a direct STR reference. The value of the KID is the AssertionID, as indicated by the valuetype attribute of the KID.

    <STR wsu:id="...">
      <KID wsu:id="..." valuetype="...#/SAMLAssertionID">
        value
      </KID>
    </STR>

I would prefer that we be able to use our id in a local direct reference, but given that that has been prohibited, we should be able to use KIDs until this stuff sorts out.

Version 14 of the STP was changed to use KIDs in place of Direct (local) refs.

http://www.oasis-open.org/apps/org/workgroup/wss/download.php/7707/WSS-SAML-14.pdf

Ron

> -Greg
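The KeyIdentifier lookup described in the message above, sketched from the receiver's side as an added example (not code from the thread or from the token profile). The ValueType URI is a placeholder because the message elides it, the sample header is constructed, and the function names, the SAML 1.x assertion namespace and the `ValueType` attribute casing are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
# Placeholder: the message elides the real URI ("...#/SAMLAssertionID").
ASSERTION_ID_VALUETYPE = "urn:example:placeholder#SAMLAssertionID"

# Constructed sample header, not taken from the thread or the profile.
SAMPLE = f"""<wsse:Security xmlns:wsse="{NS['wsse']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion AssertionID="_a75adf55" Issuer="idp.example"/>
  <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{ASSERTION_ID_VALUETYPE}">_a75adf55</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
</wsse:Security>"""


class STRResolutionError(Exception):
    """The KeyIdentifier does not name exactly one assertion."""


def resolve_key_identifier(security):
    """Return the one saml:Assertion the header's KeyIdentifier refers to."""
    kids = security.findall(".//wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
    if len(kids) != 1:
        raise STRResolutionError(f"expected 1 KeyIdentifier, found {len(kids)}")
    kid = kids[0]
    if kid.get("ValueType") != ASSERTION_ID_VALUETYPE:
        raise STRResolutionError("ValueType does not mark an AssertionID")
    wanted = (kid.text or "").strip()
    if not wanted:
        raise STRResolutionError("empty KeyIdentifier value")
    # Match on the AssertionID attribute itself, not on a wsu:Id wrapper.
    # Duplicates make the reference ambiguous, so they are rejected.
    hits = [a for a in security.iter(f"{{{NS['saml']}}}Assertion")
            if a.get("AssertionID") == wanted]
    if len(hits) != 1:
        raise STRResolutionError(f"{len(hits)} assertions carry ID {wanted!r}")
    return hits[0]


def resolve_from_text(xml_text):
    """Parse a Security header string and resolve its KeyIdentifier."""
    return resolve_key_identifier(ET.fromstring(xml_text))
```

Rejecting a reference that matches zero or several assertions keeps the token that gets processed the same as the token the reference names.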