OASIS Mailing List Archives: ws-sx message


Subject: Issue 75 - HTTP Auth Subassertions


Applying the same procedures to myself as anyone else in the TC, this is now logged as issue 75.

 

From: Marc Goodner [mailto:mgoodner@microsoft.com]
Sent: Tuesday, June 06, 2006 4:49 PM
To: ws-sx@lists.oasis-open.org
Subject: [ws-sx] NEW Issue - HTTP Auth Subassertions

 

*PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.*

 

*The issues coordinators will notify the list when that has occurred.*

 


 

Protocol: ws-sp

 

ws-securitypolicy-1.2-spec-ed-01

 

Artifact:  spec

 

Type: design

 

Title: HTTP Auth Subassertions

 

Description:

We don't have a way in WS-SP to express HTTP authentication modes beyond 'use client certs' and 'don't use client certs'. It would probably behoove us to define nested assertions that would live inside sp:HttpsToken.

 

Related issues:

 

Proposed Resolution:

The proposed syntax outline looks like this;

 

<sp:HttpsToken>
 <wsp:Policy>
  ( <sp:HttpBasicAuthentication /> |
    <sp:HttpDigestAuthentication /> |
    <sp:RequireClientCertificate /> |
     ...)?
 </wsp:Policy>
</sp:HttpsToken>

 

This would result in a policy that looks like this with the current version of the spec;

 

<wsp:Policy>
 <wsp:ExactlyOne>
  <wsp:All>
   <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
    <wsp:Policy>
     <sp:TransportToken>
      <wsp:Policy>
       <sp:HttpsToken RequireClientCertificate="true" />
      </wsp:Policy>
     </sp:TransportToken>
     <sp:AlgorithmSuite>
     ...
    </wsp:Policy>
   </sp:TransportBinding>
   <wsaw:UsingAddressing />
  </wsp:All>
 </wsp:ExactlyOne>
</wsp:Policy>

 

looking like this after this proposal;

 

<wsp:Policy>
 <wsp:ExactlyOne>
  <wsp:All>
   <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
    <wsp:Policy>
     <sp:TransportToken>
      <wsp:Policy>
       <sp:HttpsToken>
        <wsp:Policy>
         <sp:RequireClientCertificate />
        </wsp:Policy>
       </sp:HttpsToken>
      </wsp:Policy>
     </sp:TransportToken>
     <sp:AlgorithmSuite>
     ...
    </wsp:Policy>
   </sp:TransportBinding>
   <wsaw:UsingAddressing />
  </wsp:All>
 </wsp:ExactlyOne>
</wsp:Policy>

 

and a binding for HTTP Basic Auth would look like this;

 

<wsp:Policy>
 <wsp:ExactlyOne>
  <wsp:All>
   <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
    <wsp:Policy>
     <sp:TransportToken>
      <wsp:Policy>
       <sp:HttpsToken>
        <wsp:Policy>
         <sp:HttpBasicAuthentication />
        </wsp:Policy>
       </sp:HttpsToken>
      </wsp:Policy>
     </sp:TransportToken>
     <sp:AlgorithmSuite>
     ...
    </wsp:Policy>
   </sp:TransportBinding>
   <wsaw:UsingAddressing />
  </wsp:All>
 </wsp:ExactlyOne>
</wsp:Policy>
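
Added example, not part of the original message or of any WS-SX deliverable: a policy consumer that reads the HTTP client-authentication requirement from sp:HttpsToken in both the current attribute form and the proposed nested form, and rejects nested assertions it does not recognise instead of treating them as "no authentication". The wsp namespace URI, the mode labels and the function names are assumptions made for this example; the sample policies are constructed from the skeleton above with the elided AlgorithmSuite and the addressing assertion left out.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512"  # namespace from the message
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"  # assumption: wsp is not declared on the page

# Nested assertion names from the proposed outline, mapped to labels made up for this example.
NESTED = {"HttpBasicAuthentication": "basic",
          "HttpDigestAuthentication": "digest",
          "RequireClientCertificate": "client-cert"}

def https_token_auth(policy_xml):
    """Return one client-authentication label per sp:HttpsToken in the policy."""
    modes = []
    for token in ET.fromstring(policy_xml).iter(f"{{{SP}}}HttpsToken"):
        found = set()
        # Current spec form: boolean attribute on the token itself.
        if token.get("RequireClientCertificate", "").strip() in ("true", "1"):
            found.add("client-cert")
        # Proposed form: assertions nested in a wsp:Policy child of the token.
        for nested_policy in token.findall(f"{{{WSP}}}Policy"):
            for child in nested_policy:
                ns, _, local = child.tag.lstrip("{").partition("}")
                if ns != SP or local not in NESTED:
                    # Fail closed: an unknown requirement must not be read as "none".
                    raise ValueError(f"unsupported assertion in HttpsToken: {child.tag}")
                found.add(NESTED[local])
        if len(found) > 1:
            # The outline allows at most one choice per token.
            raise ValueError(f"conflicting HTTP auth assertions: {sorted(found)}")
        modes.append(found.pop() if found else "none")
    return modes

def _wrap(https_token):
    # Constructed sample: the transport binding skeleton around one HttpsToken.
    return (f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><wsp:ExactlyOne><wsp:All>'
            f'<sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>'
            f'{https_token}</wsp:Policy></sp:TransportToken></wsp:Policy>'
            f'</sp:TransportBinding></wsp:All></wsp:ExactlyOne></wsp:Policy>')

CURRENT_FORM = _wrap('<sp:HttpsToken RequireClientCertificate="true" />')
PROPOSED_CERT = _wrap('<sp:HttpsToken><wsp:Policy><sp:RequireClientCertificate />'
                      '</wsp:Policy></sp:HttpsToken>')
PROPOSED_BASIC = _wrap('<sp:HttpsToken><wsp:Policy><sp:HttpBasicAuthentication />'
                       '</wsp:Policy></sp:HttpsToken>')

if __name__ == "__main__":
    for name in ("CURRENT_FORM", "PROPOSED_CERT", "PROPOSED_BASIC"):
        print(name, https_token_auth(globals()[name]))
```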

 

 

 


