OASIS Mailing List Archives

ws-sx-comment message



Subject: RE: [ws-sx-comment] Request Security Token Response Collection


RSTRC is a MUST on the final response only. See section 3.2.
http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064953

Section 4.3 does also mention RSTRC is a MUST on the final response; I don't see that in the text you quote below. Here is the text from the spec:
"The <wst:RequestSecurityTokenResponseCollection> element (RSTRC) MUST be used to return a security token or response to a security token request on the final response."
http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064960

The note that RSTRC is a must for the final response only is important for the challenge/nego extensions covered in section 8.
http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064953

In these interactions the exchange pattern is RST -> RSTR -> RSTR -> RSTRC. The RSTR -> RSTR interaction is not limited to a single response/reply, thus RSTRC is used to remove any ambiguity and signal that the interaction is complete. It was determined that RSTRC should always be used on the final response even when there was no challenge/nego in play or even only a single token was returned. It made the overall model in the protocol more consistent. I agree it was one of the biggest changes from the input spec.

Also, the schema is non-deterministic as it has a number of extensibility points. It alone cannot be used to determine if a message is correct or not.

-----Original Message-----
From: Massimiliano Masi [mailto:Massimiliano.Masi@tiani-spirit.com]
Sent: Monday, January 26, 2009 1:48 AM
To: ws-sx-comment@lists.oasis-open.org
Subject: [ws-sx-comment] Request Security Token Response Collection


Hello,

I am a bit confused on the WS-Trust 1.3 spec. In section 4.3,

The <wst:RequestSecurityTokenResponseCollection> element (RSTRC) MUST
be used to return a security token.

This means that an RSTR like:

<soap:Body>
  <wst:RequestSecurityTokenResponse>
    <wst:RequestedSecurityToken>
      <xyz:CustomToken>


is not valid? The schema correctly parses it.

Why do you need to use an RSTRC even for 1 token? It's a big change
from ws-trust 1.0.

Ciao,

        Massimiliano

--
Massimiliano Masi

Tiani "Spirit" GmbH
Guglgasse 6
Gasometer A
1110  Vienna
Austria/Europe







--
This publicly archived list offers a means to provide input to the
OASIS Web Services Secure Exchange (WS-SX) TC.

In order to verify user consent to the Feedback License terms and
to minimize spam in the list archive, subscription is required
before posting.

Subscribe: ws-sx-comment-subscribe@lists.oasis-open.org
Unsubscribe: ws-sx-comment-unsubscribe@lists.oasis-open.org
List help: ws-sx-comment-help@lists.oasis-open.org
List archive: http://lists.oasis-open.org/archives/ws-sx-comment/
Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-sx
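
The rule discussed in this thread, as an added example (not part of either message or of the WS-Trust specification): a Python check that applies the "RSTRC on the final response only" rule to the ordered responses of one exchange, which schema validation alone does not enforce. The function names and sample messages are constructed for illustration, and flagging an RSTRC that is followed by further responses is an interpretation of the reply's statement that RSTRC signals completion.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"   # WS-Trust 1.3 namespace
SOAP_NS = ("http://www.w3.org/2003/05/soap-envelope",       # SOAP 1.2
           "http://schemas.xmlsoap.org/soap/envelope/")     # SOAP 1.1
RSTR = f"{{{WST}}}RequestSecurityTokenResponse"
RSTRC = f"{{{WST}}}RequestSecurityTokenResponseCollection"

def body_payload(message):
    """Return the first child element of the SOAP Body."""
    if "<!DOCTYPE" in message:   # SOAP messages carry no DTD; refuse entity tricks
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(message)
    for ns in SOAP_NS:
        body = root.find(f"{{{ns}}}Body")
        if body is not None and len(body):
            return body[0]
    raise ValueError("no SOAP Body payload")

def check_exchange(responses):
    """Check one exchange's STS responses, in order; return a list of problems."""
    problems = []
    for i, msg in enumerate(responses):
        last = i == len(responses) - 1
        payload = body_payload(msg)
        if payload.tag == RSTRC:
            if not last:      # RSTRC signals completion, so nothing may follow it
                problems.append(f"response {i}: RSTRC before the final response")
            elif payload.find(RSTR) is None:
                problems.append(f"response {i}: RSTRC contains no RSTR")
        elif payload.tag == RSTR:
            if last:          # a bare RSTR is only an intermediate leg
                problems.append(f"response {i}: final response is a bare RSTR")
        else:
            problems.append(f"response {i}: unexpected payload {payload.tag}")
    return problems

# Constructed sample messages (namespace urn:example:custom is a placeholder).
def _soap(inner):
    return (f'<s:Envelope xmlns:s="{SOAP_NS[0]}" xmlns:wst="{WST}" '
            f'xmlns:xyz="urn:example:custom"><s:Body>{inner}</s:Body></s:Envelope>')

_RSTR_XML = ("<wst:RequestSecurityTokenResponse><wst:RequestedSecurityToken>"
             "<xyz:CustomToken/></wst:RequestedSecurityToken>"
             "</wst:RequestSecurityTokenResponse>")
BARE = _soap(_RSTR_XML)
WRAPPED = _soap("<wst:RequestSecurityTokenResponseCollection>" + _RSTR_XML +
                "</wst:RequestSecurityTokenResponseCollection>")

if __name__ == "__main__":
    print(check_exchange([BARE]))                 # single token, bare RSTR
    print(check_exchange([BARE, BARE, WRAPPED]))  # negotiation legs, then RSTRC
```

A relying party can run a check of this kind after schema validation and before it extracts any token from the response.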



