[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] Use-Case and Proposed Solution for i010
I believe Prateek has touched on an important scenario that should be supported by WS-Trust, and is consistent with the way many organizations will want to use the protocol. Specifically, WS-Trust should support a scenario where a client of the STS can "authenticate" to the STS using a security token bound to the request as described in WSS, and also include another "supporting security token" in the header of the request. Currently, I see nothing in the spec that prescribes how the STS could distinguish between the two tokens. If it's there, then I apologize for my ignorance. Specifically, I agree with the approach you take in the possible solution you suggest in 3.2.2, although I think I may be suggesting something slightly different here. > -----Original Message----- > From: Prateek Mishra [mailto:prateek.mishra@oracle.com] > Sent: Monday, February 20, 2006 3:44 PM > To: ws-sx@lists.oasis-open.org > Subject: [ws-sx] Use-Case and Proposed Solution for i010 > > This note follows up on the informal outline given in: > > http://lists.oasis-open.org/archives/ws-sx/200602/msg00070.html > > If appropriate, I can turn the attached note into a more formal > submission to the TC.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]