Subject: ISSUE 40: What values can be carried in a /wst:RequestSecurityToken/wst:Claims element?
This is now logged as issue 40. There have been enough new issues since my last update yesterday afternoon that I will get another one out this afternoon (PST).

Marc Goodner
Technical Diplomat
Microsoft Corporation
Tel: (425) 703-1903
Blog: http://spaces.msn.com/mrgoodner/

-----Original Message-----
From: Prateek Mishra [mailto:firstname.lastname@example.org]
Sent: Tuesday, February 21, 2006 5:46 AM
To: email@example.com
Subject: [ws-sx] NEW ISSUE: What values can be carried in a /wst:RequestSecurityToken/wst:Claims element?

*PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.*
*The issues coordinators will notify the list when that has occurred.*

Protocol: ws-trust ws-trust-1.3-spec-ed-01-r03-diff
Artifact: spec
Type: design
Title: What values can be carried in a /wst:RequestSecurityToken/wst:Claims element?

Description:

lines 530-535 of ws-trust-1.3-spec-ed-01-r03-diff state:

[quote]
/wst:RequestSecurityToken/wst:Claims
This optional element requests a specific set of claims. In most cases, this element contains claims identified as required in a service's policy. Refer to [WS-Policy] for examples of how a service uses policy to specify claim requirements. The @Dialect attribute specifies a URI to indicate the syntax of the claims. No URIs are predefined; refer to profiles and other specifications to define these URIs.
[\quote]

We are unable to follow what is meant here. What language is used to specify claims for different token types? There is a reference here to examples in WS-Policy (Sep 2004) but no other detail. WS-Policy (Sep 2004) does not specifically discuss this issue nor does it offer an example of a service using a policy to specify claim requirements.

I am also not sure what the role of "profiles" and the @Dialect attribute is. Is this a reference to WSS 1.x profiles or to forthcoming profiles to be developed as part of WS-SX? Is the intent here to allow policies from WS-SecurityPolicy to be expressed?

Related issues:

Proposed Resolution:

My guess is that this should reference WS-SecurityPolicy with language like:

[quote]
This optional element requests a specific set of claims. In most cases, this element contains claims identified as required in a service's policy. Policy expressions taken from WS-SecurityPolicy may be used to describe the claims sought by the requestor.
[\quote]

But this still leaves open the role of @Dialect. So I need the questions given above to be answered first, before I can propose alternative text.