OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: Issue 78: Specify Reference Types for References to SCT


For the benefit of those who are not fluent with the WS-Security Specs,
Chapter 7 or the WSS Core spec:

http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os
-SOAPMessageSecurity.pdf

defines four different reference mechanisms which may be used in a STR
to reference various token types. The WSS token profiles call out which
ones may be used for a specific token type and the details of how to do
so.

For example, Section 3.2 of the X.509 Token Profile:

http://www.oasis-open.org/committees/download.php/16785/wss-v1.1-spec-os
-x509TokenProfile.pdf

calls out how to use three specific reference mechanisms (embedded works
the same for all tokens and thus is not described) to point to an X.509
token.

This is the sort of description I had in mind for Chapter 8 of
WS-SecCon.

Hal

> -----Original Message-----
> From: Marc Goodner [mailto:mgoodner@microsoft.com]
> Sent: Tuesday, June 27, 2006 7:44 PM
> To: Hal Lockhart; ws-sx@lists.oasis-open.org
> Subject: Issue 78: Specify Reference Types for References to SCT
> 
> Issue 78...
> 
> -----Original Message-----
> From: Hal Lockhart [mailto:hlockhar@bea.com]
> Sent: Tuesday, June 27, 2006 1:54 PM
> To: ws-sx@lists.oasis-open.org
> Cc: Marc Goodner
> Subject: [ws-sx] NEW Issue: Specify Reference Types for References to
> SCT
> 
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
> THE ISSUE IS ASSIGNED A NUMBER.
> The issues coordinators will notify the list when that has occurred.
> 
> Protocol:  ws-sc
> 
>
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18840/ws
> -secureconversation-1.3-spec-ed-01-r06-diff.pdf
> 
> Artifact:  spec
> 
> Type:
> 
> design
> 
> Title:
> 
> Chapter 8 says that a STR may be used to reference an SCT, but does
not
> specify what reference types may be used as was done in the WSS Token
> Profiles. In particular there are use cases for referencing an SCT by
> its wsc:Identifier value.
> 
> Description:
> 
> The example in Chapter 8 shows a reference being made using a wsu:Id,
> but the text does not really specify what is allowed or not allowed.
For
> example, can an Absolute URI be used or only a relative one.
> 
> There are a number of usecases where it would be desirable to
reference
> an SCT by its wsc:Identifier value.
> 
> 1. When the SCT is only conveyed in the first message, especially if
> there is more than one context active.
> 
> 2. When reference is made from the Body or other Header element to the
> SCT it is desirable to have a message-independent means of referencing
> the SCT.
> 
> Related issues:
> 
> Issue 76, perhaps.
> 
> Proposed Resolution:
> 
> Perhaps use a direct reference for absolute and relative URIs and use
a
> KeyIdentifier to indicate the use of a wsc:Identifier value.
> 
> Hal



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]