[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AW: [ws-sx] Issue 27: When to include a token?
In response to the ACTION 2005-03-01-02 here a proposal to
include at the end ot chapter 5.1.1 (or as new chapter 5.1.2).
<proposal>
Token inclusion and Token references
A token assertion may carry a sp:IncludeToken attribute that requires
to include a token in the message. To support this type of token
inclusion the Web Service Security specifications [WSS10] define the
wsse:BinarySecurityToken element that holds the included token.
Several token assertions (refer to chapter 5.3) support addtional ways
to reference tokens, for example external URI references or references
using a Thumbprint.
A policy shall use either token inclusion or token reference. Using
both ways in the same policy results in several token inclusions
and/or several token references. For eaxmple if a token assertion
carries a sp:IncludeToken attribute to include a token and defines
wsp:RequireEmbeddedTokenReference (refer to chapter 5.3.3) the token
would be included twice in the message.
</proposal>
Additonal remark:
While looking at that topic I noticed that at least the X509 token
assertion allows to uses several references to be specified at the
same time in the assertion:
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/Never">
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<sp:RequireIssuerSerialReference/>
<sp:RequireThumbrintReference/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</sp:X509Token>
This is a valid (normalized) X509 assertion and would require to
include two references to the same token. Is this the intended
behaviour?
Or shall we clarify that as well?
Regards,
Werner
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]