ws-sx message



Subject: NEW Issue: Clarification on token propagation of SCT required


PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.
The issues coordinators will notify the list when that has occurred.

Protocol:  ws-trust / ws-sc

ws-secureconversation-1.3-spec-ed-01-r03-diff.doc

Artifact:  spec

Type:  design

Title:  Clarification on token propagation of SCT required when STS has no prior knowledge of which parties the requester needs a token for.

Description:

WS-SC defines SCT token propagation in order to distribute an SCT and its POP token to the requester (context initiator) and the other parties (endpoint for secured requests). Section 3 (lines 255 ff), Establishing Security Contexts, refers to the mechanisms in WS-Trust for token propagation. If the STS has no prior knowledge of which parties the requester needs a token for, WS-Trust provides two alternatives to define these parties in the RST:

- wsp:AppliesTo in RST and RSTR, Section 4.2.1 (lines 677 ff):
  <quote>
  Both the requestor and the issuer can specify a scope for the issued token using the <wsp:AppliesTo> element.
  </quote>
  wsp:AppliesTo can be used to carry wsa:EndpointReference elements which contain endpoint URLs.

- Authorized Token Participants, Section 9.5 (lines 1969 ff): 
  <quote>
  This parameter is typically used when there are additional parties using the token or if the requestor needs to clarify the actual parties involved (for some profile-specific reason).
  </quote>
  wst:ParticipantType can contain an arbitrary structure according to the ws-trust XSD.

From the quotes above, my guess is that WS-SC should refer to the Authorized Token Participants extension element for the RST and should give an example or enhance the existing SCT Request Example (section 3.2, lines 323 ff) in section 3.3 of the WS-SC spec.

Related issues:


Proposed Resolution:


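The two ways of naming parties that the message above compares, as an added example that is not part of the original message or of the WS-Trust / WS-SC specifications: Python code showing how an STS could read wsp:AppliesTo and the Authorized Token Participants element from an SCT request, and refuse a request that names no party. Assumptions: the 200512 WS-Trust / WS-SC, 2004/09 WS-Policy and 2005/08 WS-Addressing namespace URIs, wsa:EndpointReference as the content of wst:Primary and wst:Participant, the placeholder endpoint URLs, and the function name sct_parties.

```python
import xml.etree.ElementTree as ET  # untrusted input: use a hardened parser instead

NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
SCT_TYPE = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"

# Constructed sample RST; endpoint URLs are placeholders. Putting an
# EndpointReference inside wst:Primary / wst:Participant is an assumption,
# since the schema allows arbitrary content there.
SAMPLE_RST = f"""<wst:RequestSecurityToken xmlns:wst="{NS['wst']}"
    xmlns:wsp="{NS['wsp']}" xmlns:wsa="{NS['wsa']}">
  <wst:TokenType>{SCT_TYPE}</wst:TokenType>
  <wst:RequestType>{NS['wst']}/Issue</wst:RequestType>
  <wsp:AppliesTo><wsa:EndpointReference>
    <wsa:Address>https://orders.example/svc</wsa:Address>
  </wsa:EndpointReference></wsp:AppliesTo>
  <wst:Participants>
    <wst:Primary><wsa:EndpointReference>
      <wsa:Address>https://orders.example/svc</wsa:Address>
    </wsa:EndpointReference></wst:Primary>
    <wst:Participant><wsa:EndpointReference>
      <wsa:Address>https://billing.example/svc</wsa:Address>
    </wsa:EndpointReference></wst:Participant>
  </wst:Participants>
</wst:RequestSecurityToken>"""

def _addresses(elements):
    """Endpoint URLs from every wsa:EndpointReference under the given elements."""
    path = ".//wsa:EndpointReference/wsa:Address"
    return [a.text.strip() for e in elements for a in e.findall(path, NS) if a.text]

def sct_parties(rst_xml):
    """Return the parties an SCT request names, by mechanism; reject if none."""
    rst = ET.fromstring(rst_xml)
    if rst.findtext("wst:TokenType", default="", namespaces=NS).strip() != SCT_TYPE:
        raise ValueError("not a request for a security context token")
    parties = {
        "applies_to": _addresses(rst.findall("wsp:AppliesTo", NS)),
        "primary": _addresses(rst.findall("wst:Participants/wst:Primary", NS)),
        "participants": _addresses(rst.findall("wst:Participants/wst:Participant", NS)),
    }
    if not any(parties.values()):
        raise ValueError("request names no party to propagate the SCT to")
    return parties
```

Keeping the three lists separate lets the STS policy decide which mechanism is authoritative when AppliesTo and Participants disagree.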