[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AW: [ws-sx] Issue 27: When to include a token?
In response to the ACTION 2005-03-01-02 here a proposal to include at the end ot chapter 5.1.1 (or as new chapter 5.1.2). <proposal> Token inclusion and Token references A token assertion may carry a sp:IncludeToken attribute that requires to include a token in the message. To support this type of token inclusion the Web Service Security specifications [WSS10] define the wsse:BinarySecurityToken element that holds the included token. Several token assertions (refer to chapter 5.3) support addtional ways to reference tokens, for example external URI references or references using a Thumbprint. A policy shall use either token inclusion or token reference. Using both ways in the same policy results in several token inclusions and/or several token references. For eaxmple if a token assertion carries a sp:IncludeToken attribute to include a token and defines wsp:RequireEmbeddedTokenReference (refer to chapter 5.3.3) the token would be included twice in the message. </proposal> Additonal remark: While looking at that topic I noticed that at least the X509 token assertion allows to uses several references to be specified at the same time in the assertion: <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In cludeToken/Never"> <wsp:Policy> <wsp:ExactlyOne> <wsp:All> <sp:RequireIssuerSerialReference/> <sp:RequireThumbrintReference/> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </sp:X509Token> This is a valid (normalized) X509 assertion and would require to include two references to the same token. Is this the intended behaviour? Or shall we clarify that as well? Regards, Werner
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]