[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx-comment] Request Security Token Response Collection
RSTRC is a MUST on the final response only. See section 3.2. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064953 Section 4.3 does also mention RSTRC is a MUST on the final response, I don't see that in the text you quote below. Here is the text from the spec: "The <wst:RequestSecurityTokenResponseCollection> element (RSTRC) MUST be used to return a security token or response to a security token request on the final response." http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064960 The note that RSTRC is a must for the final response only is important for the challenge/nego extensions covered in section 8. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064953 In these interactions the exchange pattern is RTR -> RSTR -> RSTR -> RSTRC. The RSTR -> RSTR interaction is not limited to a single response/reply, thus RSTRC is used to remove any ambiguity and signal that the interaction is complete. It was determined that RSTRC should always be used on the final response even when there was no challenge/nego in play or even only a single token was returned. It made the overall model in the protocol more consistent. I agree it was one of the biggest changes from the input spec. Also, the schema is non-deterministic as it is has a number of extensibility points. It alone cannot be used to determine if a message is correct or not. -----Original Message----- From: Massimiliano Masi [mailto:Massimiliano.Masi@tiani-spirit.com] Sent: Monday, January 26, 2009 1:48 AM To: ws-sx-comment@lists.oasis-open.org Subject: [ws-sx-comment] Request Security Token Response Collection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I am a bit confused on the WS-Trust 1.3 spec. In section 4.3, The <wst:RequestSecurityTokenResponseCollection> element (RSTRC) MUST be used to return a security token. This means that an RSTR like: <soap:Body> <wst:RequestSecurityTokenResponse> <wst:RequestedSecurityToken> <xyz:CustomToken> is not valid? The schema correctly parses it. Why you need to use a RSTRC even for 1 token? It's a big change from ws-trust 1.0. Ciao, Massimiliano - -- Massimiliano Masi Tiani "Spirit" GmbH Guglgasse 6 Gasometer A 1110 Vienna Austria/Europe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkl9hs8ACgkQaCwPO3A6yMaa9ACfSW7KHMWFI5bvgjyQMJSNTIt5 2Q0AnjAkP6KOJKoOfOL+91ibTCu5chr7 =/Ow6 -----END PGP SIGNATURE----- -- This publicly archived list offers a means to provide input to the OASIS Web Services Secure Exchange (WS-SX) TC. In order to verify user consent to the Feedback License terms and to minimize spam in the list archive, subscription is required before posting. Subscribe: ws-sx-comment-subscribe@lists.oasis-open.org Unsubscribe: ws-sx-comment-unsubscribe@lists.oasis-open.org List help: ws-sx-comment-help@lists.oasis-open.org List archive: http://lists.oasis-open.org/archives/ws-sx-comment/ Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-sx
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]