Subject: RE: [ws-sx] Use-Case and Proposed Solution for i010
I believe Prateek has touched on an important scenario that should be supported by WS-Trust, and is consistent with the way many organizations will want to use the protocol. Specifically, WS-Trust should support a scenario where a client of the STS can "authenticate" to the STS using a security token bound to the request as described in WSS, and also include another "supporting security token" in the header of the request. Currently, I see nothing in the spec that prescribes how the STS could distinguish between the two tokens. If it's there, then I apologize for my ignorance. Specifically, I agree with the approach you take in the possible solution you suggest in 3.2.2, although I think I may be suggesting something slightly different here. > -----Original Message----- > From: Prateek Mishra [mailto:email@example.com] > Sent: Monday, February 20, 2006 3:44 PM > To: firstname.lastname@example.org > Subject: [ws-sx] Use-Case and Proposed Solution for i010 > > This note follows up on the informal outline given in: > > http://lists.oasis-open.org/archives/ws-sx/200602/msg00070.html > > If appropriate, I can turn the attached note into a more formal > submission to the TC.