OASIS Mailing List Archives

 



ws-sx message



Subject: NEW ISSUE: What values can be carried in a /wst:RequestSecurityToken/wst:Claims element?


 

*PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL 
THE ISSUE IS ASSIGNED A NUMBER.*

*The issues coordinators will notify the list when that has occurred.*


Protocol:  ws-trust

ws-trust-1[1].3-spec-ed-01-r03-diff

Artifact:  spec

 

Type:

design

 

Title:

What values can be carried in a /wst:RequestSecurityToken/wst:Claims 
element?

 

Description:

lines 530-535 of  ws-trust-1[1].3-spec-ed-01-r03-diff state:

[quote]

/wst:RequestSecurityToken/wst:Claims

This optional element requests a specific set of claims.  In most cases, 
this element contains claims identified as required in a service's 
policy. Refer to [WS-Policy] for examples of how a service uses policy 
to specify claim requirements.  The @Dialect attribute specifies a URI 
to indicate the syntax of the claims.  No URIs are predefined; refer to 
profiles and other specifications to define these URIs.

[\quote]


We are unable to follow what is meant here. What language is used to 
specify claims for different token types?

There is a reference here to examples in WS-Policy (Sep 2004) but no 
other detail. WS-Policy (Sep 2004) does not specifically discuss this 
issue nor does it offer an example of a service using a policy to 
specify claim requirements.

I am also not sure what the role of "profiles" and the @Dialect 
attribute is. Is this a reference to WSS 1.x profiles or to forthcoming 
profiles to be developed as part of WS-SX?

Is the intent here to allow policies from WS-SecurityPolicy to be expressed?

Related issues:


 

Proposed Resolution:

My guess is that this should reference WS-SecurityPolicy with 
language like:

 [quote]


This optional element requests a specific set of claims.  In most cases, 
this element contains claims identified as required in a service's policy.
Policy expressions taken from WS-SecurityPolicy may be used to describe 
the claims sought by the requestor.

[\quote]

But this still leaves open the role of @Dialect. So I need the questions 
given above to be answered first, before I can propose alternative text.

 



