ws-sx message



Subject: Proposal for ACTION-2006-03-01-04


All,

Here is a proposal for how to extend assertions.

This AI is related to issue 30.


<Proposal>

The mechanism to extend policies (token assertions) uses the 
following notation:

<sp:Extensions sp:ExtensionNamespace="xs:anyURI" >
  <wsp:Policy>
    <any namespace=##other ...> +
  </wsp:Policy>
</sp:Extensions> *

The sp:Extension assertion can occur more than once in a (policy) token
assertion to define several extensions with different namespaces. The
sp:ExtensionNamespace attribute defines the namespace of the new
assertions. 

The namespace of assertions inside the sp:Extensions assertion
MUST match the namespace given in the sp:ExtensionNamespace attribute.

The semantics of the extension assertions and their attributes are out 
of scope for the WSP specifications. 

Simple example:

<sp:Extensions sp:Namespace="uri:SomeNamespace">
  <wsp:Policy>
    <ext:Extension_1 xmlns:ext="uri:SomeNamespace" attr="value" />
    <ext:Extension_2 xmlns:ext="uri:SomeNamespace" />
  </wsp:Policy>
</sp:Extensions>

</Proposal>


Some internal notes/rationale behind the proposal:

The above proposal requires defining the sp:Extensions assertion in
the WSP specification.

The above notation uses the XML schema notation "any" to define that
any well-formed XML is permitted. The namespace "##other" defines that
any namespace except the target namespace can be used here.

Using an extension mechanism in this way is compatible with WS-Policy
and behaves correctly when using the normalize, merge, and intersect
policy operations.

IMHO the WS-SX TC shall reserve its own extension namespace to be able
to define its own proposed extensions, e.g. to define the setup of tokens
such as UsernameToken or SAML tokens.

A more complex example:

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<sp:SignedEndorsingSupportingTokens>
  <wsp:Policy>
    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" >
      <wsp:Policy>
        <sp:Extensions sp:Namespace="uri:SomeNamespace">
          <wsp:Policy>
            <ext:Usage xmlns:ext="uri:SomeNamespace" Type="manager" />
          </wsp:Policy>
        </sp:Extensions>
        <sp:RequireIssuerSerialReference />
      </wsp:Policy>
    </sp:X509Token>
    <sp:AlgorithmSuite>
      <wsp:Policy>
        <sp:Basic256 />
      </wsp:Policy>
    </sp:AlgorithmSuite>
    <sp:SignedParts>
      <sp:Header Name="Header3" Namespace="uri:namespace_3" />
    </sp:SignedParts> 
  </wsp:Policy>
</sp:SignedEndorsingSupportingTokens>
</wsp:Policy>


Regards,
Werner
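
One way to check the MUST rule from the proposal above, as an added example that is not part of the original message or of any WS-SX deliverable: the hypothetical check_extensions helper reports sp:Extensions elements whose child assertions fall outside the declared namespace. It assumes the sp and wsp namespace URIs from the complex example, treats the sp namespace as the "target namespace" excluded by ##other, and accepts the attribute under either spelling used in the message; the sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Namespace URIs taken from the complex example in the message.
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"


def namespace_of(elem):
    """Namespace URI of an element, or '' when it is unqualified."""
    return elem.tag[1:].split("}", 1)[0] if elem.tag.startswith("{") else ""


def check_extensions(policy_xml):
    """Hypothetical helper: list violations of the proposal's rules."""
    problems = []
    for ext in ET.fromstring(policy_xml).iter(f"{{{SP}}}Extensions"):
        # The notation names the attribute sp:ExtensionNamespace, the
        # message's examples write sp:Namespace; accept either spelling.
        declared = (ext.get(f"{{{SP}}}ExtensionNamespace")
                    or ext.get(f"{{{SP}}}Namespace"))
        if not declared:
            problems.append("sp:Extensions has no namespace attribute")
            continue
        # "##other" excludes the target namespace (assumed here to be sp).
        if declared == SP:
            problems.append("extension namespace equals the sp namespace")
        children = [c for p in ext.findall(f"{{{WSP}}}Policy") for c in p]
        if not children:  # the notation requires one or more assertions
            problems.append(f"no assertions declared for {declared!r}")
        for child in children:
            if namespace_of(child) != declared:
                problems.append(f"{child.tag} is not in {declared!r}")
    return problems


# Constructed sample policies (not taken from any real deployment).
GOOD = f"""<sp:Extensions xmlns:sp="{SP}" xmlns:wsp="{WSP}"
    sp:ExtensionNamespace="uri:SomeNamespace">
  <wsp:Policy>
    <ext:Usage xmlns:ext="uri:SomeNamespace" Type="manager" />
  </wsp:Policy>
</sp:Extensions>"""
# Same document, but the assertion is bound to a different namespace.
BAD = GOOD.replace('xmlns:ext="uri:SomeNamespace"', 'xmlns:ext="uri:Other"')

if __name__ == "__main__":
    print(check_extensions(GOOD))
    print(check_extensions(BAD))
```

A policy consumer can run such a check before intersection or merge, so that an assertion smuggled in under an undeclared namespace is rejected rather than silently ignored.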

