

Subject: Re: [ws-brsp-comment] ws-i test tool issue ?


Thanks for the update, Jacques. I'll try to get some time to look at a fix for this issue.

Regards,
Jim
On 07/19/2013 04:28 AM, Jacques Durand wrote:
Jim:

After investigation of this new issue you reported (WSBRSP-4 <https://lists.oasis-open.org/archives/ws-brsp-comment/201305/msg00003.html>), my own opinion is that you are right: there is a bug in the test tool regarding the verification of BSP3032: the use case you mention below clearly should pass the test. The TC still needs to confirm this more formally at next meeting.
At this time, the BRSP TC does not have the time/expertise to investigate the code and modify this test tool. If you are willing to actually do and propose a code update for this tool, we may however be able to review it and approve it. This test tool is in the process of being contributed to an open-source project.

Thanks,
-jacques

From: Jim Ma [mailto:ema@redhat.com]
Sent: Monday, May 13, 2013 8:41 PM
To: Jacques Durand
Cc: ws-brsp-comment@lists.oasis-open.org; Alessio Soldano
Subject: Re: [ws-brsp-comment] ws-i test tool issue ?

Hi Jacques,
Thanks for the response. I possibly found another test tool bug, can you please have a look again?
When the test tool analyzed the following kerberos token message [1], it always complains with the BSP3032 assertion failure.
But from the ws-i bsp profile 1.1 section 15, the ValueType is correct and it is almost the same as the correct example.

[1]
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Header>
     <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <wsse:BinarySecurityToken
                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                 ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ"
                 wsu:Id="BST7293564EF750ED3B7213684999669821">
     </wsse:BinarySecurityToken>
     </wsse:Security>
   </soap:Header>
   <soap:Body><ns2:DoubleIt xmlns:ns2="http://www.example.org/schema/DoubleIt"><numberToDouble>10</numberToDouble></ns2:DoubleIt></soap:Body>
</soap:Envelope>

[2]
message_1-binarySecurityToken-BST-7293564EF750ED3B7213684999669821
Assertion: BSP3032
Result :    failed
Failure Message :    A wsse:BinarySecurityToken element has a ValueType attribute whose value is outside the defined token profiles.
Failure Detail Message:     A wsse:BinarySecurityToken element has a ValueType attribute  whose value is outside the defined token profiles.


Thanks,
Jim


On 05/14/2013 07:44 AM, Jacques Durand wrote:
Jim:
Sorry for delayed response.
As far as I can tell, it is a test tool bug:
your message is compliant as far as R3070 is concerned: it uses a valid SAML token reference (per R6617) and therefore is not required to have an EncodingType attribute.
Regards,
-jacques D.

From: ws-brsp-comment@lists.oasis-open.org [mailto:ws-brsp-comment@lists.oasis-open.org] On Behalf Of Jim Ma
Sent: Thursday, April 18, 2013 1:14 AM
To: ws-brsp-comment@lists.oasis-open.org
Subject: [ws-brsp-comment] ws-i test tool issue ?

Hi All,
When I check ws-i bsp compliance of the following soap message [1] with the test tool (downloaded from [2]),
the analyzed report with BasicSecurityProfile-1.1-TAD always complains BSP3070 assertion failed and a wsse:KeyIdentifier
element does NOT contain a EncodingType attribute (i.e., it is NOT the case that "./self::wsse:KeyIdentifier[@EncodingType]").
But the BasicSecurityProfile-1.1 says it is not required if it refers to a SAML token:
R3070 Any STR_KEY_IDENTIFIER that refers to a SECURITY_TOKEN other than a SAML_TOKEN MUST specify an EncodingType attribute

Is this a bug in test tool or it doesn't support saml-token-profile-1.1?

[1]
  <ds:KeyInfo Id="KI-BCF3790C6A856CAB8013662645516286">
       <ns4:SecurityTokenReference xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                 wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
           <ns4:KeyIdentifier
                            ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_3DF61F55AC044E478A13662645512771</ns4:KeyIdentifier>
       </ns4:SecurityTokenReference>
  </ds:KeyInfo>


[2] http://www.ws-i.org/Testing/Tools/Attach_17_WSI_Test_Java_WGD_BSP_1.1.zip


Thanks,
Jim
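
The two checks discussed in this thread, as an added example (not code from the WS-I test tool or from anyone on the list): R3070 with its exemption for KeyIdentifiers that reference a SAML token, and a BSP3032-style ValueType check that accepts the Kerberos GSS ValueType from the message above. Deciding "refers to a SAML token" from the KeyIdentifier's ValueType, the partial ValueType allow-list, and the sample message are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
KRB_GSS = ("http://docs.oasis-open.org/wss/"
           "oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ")
X509 = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-x509-token-profile-1.0")
SAML = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-"

# KeyIdentifier ValueTypes the SAML token profile defines for assertion references.
SAML_KEYID_TYPES = {SAML + "1.0#SAMLAssertionID", SAML + "1.1#SAMLID"}
# Assumption: partial allow-list for illustration, not the profile's full set.
BST_VALUE_TYPES = {KRB_GSS, X509 + "#X509v3"}

def r3070_failures(root):
    """Text of KeyIdentifiers that reference a non-SAML token without EncodingType."""
    bad = []
    for kid in root.iter(f"{{{WSSE}}}KeyIdentifier"):
        if kid.get("ValueType") in SAML_KEYID_TYPES:
            continue  # R3070 applies only to tokens "other than a SAML_TOKEN"
        if kid.get("EncodingType") is None:
            bad.append((kid.text or "").strip())
    return bad

def bsp3032_failures(root):
    """ValueTypes of BinarySecurityTokens that fall outside the allow-list."""
    return [bst.get("ValueType")
            for bst in root.iter(f"{{{WSSE}}}BinarySecurityToken")
            if bst.get("ValueType") not in BST_VALUE_TYPES]

# Constructed sample: one passing and one failing element per check.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}">
  <wsse:BinarySecurityToken ValueType="{KRB_GSS}">AAAA</wsse:BinarySecurityToken>
  <wsse:BinarySecurityToken ValueType="urn:example:unknown">AAAA</wsse:BinarySecurityToken>
  <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{SAML}1.1#SAMLID">_saml-id</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{X509}#X509SubjectKeyIdentifier">c2tp</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
</wsse:Security>"""

def run_sample():
    root = ET.fromstring(SAMPLE)
    return r3070_failures(root), bsp3032_failures(root)

if __name__ == "__main__":
    print(run_sample())
```

Matching on the namespace URI rather than the prefix is what lets the check handle the `ns4:` prefix used in the original SAML message.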




    


