Subject: Proposal for ACTION-2006-03-01-04
All, here is a proposal for how to extend assertions. This AI is related to issue 30.

<Proposal>

The mechanism to extend policies (token assertions) uses the following notation:

    <sp:Extensions sp:ExtensionNamespace="xs:anyURI" >
      <wsp:Policy>
        <any namespace=##other ...> +
      </wsp:Policy>
    </sp:Extensions> *

The sp:Extension assertion can occur more than once in a (policy) token assertion to define several extensions with different namespaces. The sp:ExtensionNamespace attribute defines the namespace of the new assertions. The namespace of assertions inside the sp:Extensions assertion MUST match the namespace given in the sp:ExtensionNamespace attribute. The semantics of the extension assertions and their attributes are out of scope for the WSP specifications.

Simple example:

    <sp:Extensions sp:Namespace="uri:SomeNamespace">
      <wsp:Policy>
        <ext:Extension_1 xmlns:ext="uri:SomeNamespace" attr="value" />
        <ext:Extension_2 />
      </wsp:Policy>
    </sp:Extensions>

</Proposal>

Some internal notes/rationale behind the proposal:

The above proposal requires defining the sp:Extensions assertion in the WSP specification. The above notation uses the XML schema notation "any" to define that any well-formed XML is permitted. The namespace "##other" defines that any namespace except the target namespace can be used here. Using an extension mechanism in this way is compatible with WS-Policy and behaves correctly when using normalize, merge, and intersect policy operations.

IMHO the WS-SX TC shall reserve its own extension namespace to be able to define its own proposed extensions, e.g. to define the setup of tokens such as UsernameToken or SAML tokens.
A more complex example:

    <wsp:Policy
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <sp:SignedEndorsingSupportingTokens>
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" >
            <wsp:Policy>
              <sp:Extensions sp:Namespace="uri:SomeNamespace">
                <wsp:Policy>
                  <ext:Usage xmlns:ext="uri:SomeNamespace" Type="manager" />
                </wsp:Policy>
              </sp:Extensions>
              <sp:RequireIssuerSerialReference />
            </wsp:Policy>
          </sp:X509Token>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:SignedParts>
            <sp:Header Name="Header3" Namespace="uri:namespace_3" />
          </sp:SignedParts>
        </wsp:Policy>
      </sp:SignedEndorsingSupportingTokens>
    </wsp:Policy>

Regards,
Werner
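
The namespace-match rule from the proposal, written as a policy check. This is an added example, not part of the original message or of any WS-SX specification text. It reads the attribute under the name used in the notation (sp:ExtensionNamespace), assumes sp is the target namespace excluded by ##other, and the function name check_extensions and the sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as they appear in the message's complex example.
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

def ns_of(tag):
    """Namespace URI of an ElementTree tag of the form '{uri}local', else ''."""
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""

def check_extensions(policy_xml):
    """Return a list of rule violations; an empty list means conforming."""
    problems = []
    for ext in ET.fromstring(policy_xml).iter(f"{{{SP}}}Extensions"):
        declared = ext.get(f"{{{SP}}}ExtensionNamespace")
        if not declared:
            problems.append("sp:Extensions lacks sp:ExtensionNamespace")
            continue
        policy = ext.find(f"{{{WSP}}}Policy")
        children = list(policy) if policy is not None else []
        if not children:  # the notation requires one or more ("+")
            problems.append(f"{declared}: no assertion inside wsp:Policy")
        for child in children:
            ns, local = ns_of(child.tag), child.tag.rsplit("}", 1)[-1]
            if ns == SP:  # assumption: sp is the target namespace for ##other
                problems.append(f"{local}: target namespace violates ##other")
            elif ns != declared:
                problems.append(f"{local}: {ns!r} is not declared {declared!r}")
    return problems

# Constructed sample policies (not taken from the message).
GOOD = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"
    xmlns:ext="uri:SomeNamespace">
  <sp:Extensions sp:ExtensionNamespace="uri:SomeNamespace">
    <wsp:Policy>
      <ext:Extension_1 attr="value"/>
      <ext:Extension_2/>
    </wsp:Policy>
  </sp:Extensions>
</wsp:Policy>"""
# Same policy with one assertion from an undeclared namespace slipped in.
BAD = GOOD.replace("<ext:Extension_2/>",
                   '<oth:Extension_3 xmlns:oth="uri:OtherNamespace"/>')

if __name__ == "__main__":
    print(check_extensions(GOOD))
    print(check_extensions(BAD))
```

A policy consumer that runs such a check before processing extension assertions can reject content whose namespace was never declared by the enclosing sp:Extensions element.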