Subject: NEW ISSUE: What values can be carried in a /wst:RequestSecurityToken/wst:Claims element?
*PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.*
*The issues coordinators will notify the list when that has occurred.*

Protocol: ws-trust ws-trust-1.3-spec-ed-01-r03-diff
Artifact: spec
Type: design
Title: What values can be carried in a /wst:RequestSecurityToken/wst:Claims element?

Description:

Lines 530-535 of ws-trust-1.3-spec-ed-01-r03-diff state:

[quote]
/wst:RequestSecurityToken/wst:Claims
This optional element requests a specific set of claims. In most cases, this element contains claims identified as required in a service's policy. Refer to [WS-Policy] for examples of how a service uses policy to specify claim requirements. The @Dialect attribute specifies a URI to indicate the syntax of the claims. No URIs are predefined; refer to profiles and other specifications to define these URIs.
[\quote]

We are unable to follow what is meant here. What language is used to specify claims for different token types? There is a reference here to examples in WS-Policy (Sep 2004) but no other detail. WS-Policy (Sep 2004) does not specifically discuss this issue, nor does it offer an example of a service using a policy to specify claim requirements.

I am also not sure what the role of "profiles" and the @Dialect attribute is. Is this a reference to WSS 1.x profiles or to forthcoming profiles to be developed as part of WS-SX? Is the intent here to allow policies from WS-SecurityPolicy to be expressed?

Related issues:

Proposed Resolution:

My guess is that this should reference WS-SecurityPolicy with language like:

[quote]
This optional element requests a specific set of claims. In most cases, this element contains claims identified as required in a service's policy. Policy expressions taken from WS-SecurityPolicy may be used to describe the claims sought by the requestor.
[\quote]

But this still leaves open the role of @Dialect.
So I need the questions given above to be answered first, before I can propose alternative text.