
ws-sx message



Subject: Issue 41: Clarification on token propagation of SCT required


This is now logged as issue 41.

-----Original Message-----
From: martin.raepple@sap.com [mailto:martin.raepple@sap.com] 
Sent: Monday, February 27, 2006 5:16 AM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner
Subject: [ws-sx] NEW Issue: Clarification on token propagation of SCT required

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
THE ISSUE IS ASSIGNED A NUMBER.
The issues coordinators will notify the list when that has occurred.

Protocol:  ws-trust / ws-sc

ws-secureconversation-1.3-spec-ed-01-r03-diff.doc

Artifact:  spec

Type:

design

Title:

Clarification on token propagation of SCT required when STS has no prior
knowledge of which parties the requester needs a token for.

Description:

WS-SC defines SCT token propagation in order to distribute an SCT and
its POP token to the requester (context initiator) and the other parties
(endpoint for secured requests). Section 3 (lines 255 ff), Establishing
Security Contexts, refers to the mechanisms in WS-Trust for token
propagation. If the STS has no prior knowledge of which parties the
requester needs a token for, WS-Trust provides two alternatives to
define these parties in the RST:

- wsp:AppliesTo in RST and RSTR, Section 4.2.1 (lines 677 ff):
  <quote>
  Both the requestor and the issuer can specify a scope for the issued
token using the <wsp:AppliesTo> element.
  </quote>
  wsp:AppliesTo can be used to carry wsa:EndpointReference elements
which contain endpoint URLs.

- Authorized Token Participants, Section 9.5 (lines 1969 ff): 
  <quote>
  This parameter is typically used when there are additional parties
using the token or if the requestor needs to clarify the actual parties
involved (for some profile-specific reason).
  </quote>
  wst:ParticipantType can contain an arbitrary structure according to
the ws-trust XSD.

From the quotes above, my guess is that WS-SC should refer to the
Authorized Token Participants extension element for the RST and should
give an example or enhance the existing SCT Request Example (section
3.2, lines 323 ff) in section 3.3 of the WS-SC spec.

Related issues:


Proposed Resolution:


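Added example, not part of the message above or of the WS-SX specifications: a constructed RequestSecurityToken for an SCT that names the intended parties with both mechanisms the issue cites, wsp:AppliesTo (scope) and wst:Participants (Authorized Token Participants), plus the parsing an STS would do to recover those parties. The namespace URIs are the WS-Trust 1.3, WS-SecureConversation 1.3, WS-Policy and WS-Addressing 1.0 ones; the endpoint URLs, the helper names and the allow-list check in unknown_parties are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from WS-Trust 1.3, WS-SecureConversation 1.3,
# WS-Policy and WS-Addressing 1.0.
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSC = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"

SCT_TOKEN_TYPE = WSC + "/sct"
ISSUE_REQUEST_TYPE = WST + "/Issue"

# Constructed RST (endpoint URLs are made up): wsp:AppliesTo carries the
# scope, wst:Participants lists the requester (Primary) and the other parties.
SAMPLE_RST = """<wst:RequestSecurityToken
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wst:TokenType>http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct</wst:TokenType>
  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
  <wsp:AppliesTo>
    <wsa:EndpointReference>
      <wsa:Address>https://orders.example.com/service</wsa:Address>
    </wsa:EndpointReference>
  </wsp:AppliesTo>
  <wst:Participants>
    <wst:Primary>
      <wsa:EndpointReference>
        <wsa:Address>https://client.example.com/initiator</wsa:Address>
      </wsa:EndpointReference>
    </wst:Primary>
    <wst:Participant>
      <wsa:EndpointReference>
        <wsa:Address>https://orders.example.com/service</wsa:Address>
      </wsa:EndpointReference>
    </wst:Participant>
    <wst:Participant>
      <wsa:EndpointReference>
        <wsa:Address>https://billing.example.com/service</wsa:Address>
      </wsa:EndpointReference>
    </wst:Participant>
  </wst:Participants>
</wst:RequestSecurityToken>
"""


def _q(ns, local):
    """Clark-notation name ({ns}local) for ElementTree lookups."""
    return "{%s}%s" % (ns, local)


def is_sct_issue_request(rst_xml):
    """True if the RST asks the STS to Issue a WS-SC Security Context Token."""
    root = ET.fromstring(rst_xml)
    token_type = root.findtext(_q(WST, "TokenType"), default="").strip()
    request_type = root.findtext(_q(WST, "RequestType"), default="").strip()
    return token_type == SCT_TOKEN_TYPE and request_type == ISSUE_REQUEST_TYPE


def _addresses(parent):
    """wsa:Address of every wsa:EndpointReference directly under parent."""
    path = "%s/%s" % (_q(WSA, "EndpointReference"), _q(WSA, "Address"))
    return [a.text.strip() for a in parent.findall(path) if a.text]


def applies_to_addresses(rst_xml):
    """Token scope: wsa:Address values carried under wsp:AppliesTo."""
    root = ET.fromstring(rst_xml)
    out = []
    for scope in root.findall(_q(WSP, "AppliesTo")):
        out.extend(_addresses(scope))
    return out


def participant_addresses(rst_xml):
    """(primary, others): the Authorized Token Participants named in the RST."""
    root = ET.fromstring(rst_xml)
    primary, others = [], []
    for block in root.findall(_q(WST, "Participants")):
        for p in block.findall(_q(WST, "Primary")):
            primary.extend(_addresses(p))
        for p in block.findall(_q(WST, "Participant")):
            others.extend(_addresses(p))
    return primary, others


def unknown_parties(rst_xml, known_endpoints):
    """Parties named anywhere in the RST that the STS does not recognise.

    Assumption (not from the spec or the issue): an STS with no prior
    knowledge of the parties still issues only for endpoints it trusts,
    so any address outside known_endpoints is grounds to refuse the RST.
    """
    primary, others = participant_addresses(rst_xml)
    named = set(applies_to_addresses(rst_xml)) | set(primary) | set(others)
    return sorted(named - set(known_endpoints))
```

Both lookups are kept separate so an STS can see when the two mechanisms disagree (a scope in wsp:AppliesTo that is not among the wst:Participants, or vice versa), which is the ambiguity the issue asks WS-SC to resolve.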