OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: follow-up on i010

Reading the minutes from the last call, i was asked to provide an 
example to clarify my point.

Consider a case where we have a <wsse:security> header with multiple 
tokens involved; a
username token which names a user ("joe"), X.509 token (i guess this is 
called a supporting
token) and a signature over the user-name-token and body (based on the 
X.509 token).

Now, an application can present this entire security header to STS. The 
STS can make judgements
based on both the X.509 token and the user-name token ("aha, this is a 
message from Joe signed
by the finance server") placing whatever interpretation it chooses to 
w.r.t this header.

But the intermediary cannot provide equivalent information; if we 
imagine an intermediary acting on behalf of
the application. As currently stated in section 11.1, the intermediary 
can only provide a security token,
a STR or an end-point-reference. My suggestion is to expand this list to 
include <wsse:security>
headers as well.

- prateek

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]