OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: AW: [ws-sx] Issue 31: Clarification for UsernameToken assertion

I agree to the comment for the server's point of view. But
what about the client? MAybe I'm wrong here but my understanding
of WSP is to define what type of tokens to use, what they are 
used for (encrypt, signing, etc.), and which elements they contain.

In that sense a client that creates a message IMHO needs to
which elements a Usernametoken shall contains, which type of
password to use etc. This cannot be defined as it stands today.

Regards,
Werner

> -----Ursprüngliche Nachricht-----
> Von: Martin Gudgin [mailto:mgudgin@microsoft.com] 
> Gesendet: Mittwoch, 15. Februar 2006 00:23
> An: Marc Goodner; Dittmann, Werner; ws-sx@lists.oasis-open.org
> Betreff: RE: [ws-sx] Issue 31: Clarification for 
> UsernameToken assertion
> 
> Comments inline
> 
> Cheers
> 
> Gudge 
> 
> > -----Original Message-----
> > From: Marc Goodner [mailto:mgoodner@microsoft.com] 
> > Sent: 09 February 2006 20:51
> > To: Dittmann, Werner; ws-sx@lists.oasis-open.org
> > Subject: [ws-sx] Issue 31: Clarification for UsernameToken assertion
> > 
> > This is now logged as issue 31.
> > 
> > Marc Goodner
> > Technical Diplomat
> > Microsoft Corporation
> > Tel: (425) 703-1903
> > Blog: http://spaces.msn.com/mrgoodner/ 
> > 
> > 
> > -----Original Message-----
> > From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
> > Sent: Thursday, February 09, 2006 12:18 AM
> > To: ws-sx@lists.oasis-open.org
> > Cc: Marc Goodner
> > Subject: [ws-sx] NEW Issue: Clarification for UsernameToken 
> assertion
> > 
> > PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON 
> THREAD UNTIL
> > THE ISSUE IS ASSIGNED A NUMBER.
> > 
> > The issues coordinators will notify the list when that has occurred.
> > 
> > Protocol:  ws-sp
> > ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf
> > 
> > Artifact:  spec
> > 
> > Type: design
> > 
> > Title: Clarification for UsernameToken assertion
> > 
> > Description:
> > 
> > The UsernameToken defines additonal (optional) assertions 
> that specify
> > the WSS spec version. IMHO this is not enough to fully specify a
> > UsernameToken. For example a UsernameToken may have a additonal
> > elements such as a creation time. The WSS specs do not define in any
> > way if such elements shall be included or not (some are 
> > recommended but
> > no mandated).
> 
> [MJG]
> The assumption is that if you accept, for example, UsernameTokens per
> WSS 1.0, then you will accept all legal serializations 
> 
> > 
> > Related issues:
> > none
> > 
> > Proposed Resolution:
> > 
> > The UsernameToken assertion should be extended to better reflect the
> > WSS username token elements and attributes.
> > 
> > Werner Dittmann
> > Siemens COM MN CC BD TO
> > mailto:Werner.Dittmann@siemens.com
> > Tel:   +49(0)89 636 50265
> > Mobil: +49(0)172 85 85 245
> > 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]