[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Interop scenarios document issues
I've identified couple of issues in the current interop scenarios document version: 1. All sample messages need to be updated to use the IssueFinal WS-A action for the RSTRC responses 2. In some samples (SecureConversation binding for example) the WSS, WSU, WS-SC and WS-Trust namespaces are not using the right URIs. 1. The namespaces table and some message samples use the interim WSS 1.1 namespace before WSS 1.1 was finalized (http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-sece xt-1.1.xsd) instead of using the final WSS 1.1 namespace (http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd). 2. The same issue is with @ValueType URIs in STR <Reference> when referencing encrypted keys and when using ThumbprintSHA1 or EncryptedKeySHA1 @ValueType in <KeyIdentifier>. 3. The Username for SAML 1.1 Bearer Token, WSS 1.0 binding does not have <u:Timestamp> in <wsse:Security> header. The response does not have <o:Security> header. 4. The Certificate for SAML 1.1 HoK Token, WSS 1.0 binding does not make much sense as the client does not prove possession of the X.509 certificate private key to the STS when sending the RST. 5. The Certificate for SAML 1.1 HoK Token, WSS 1.0 binding does not have <u:Timestamp> in <wsse:Security> header. The response does not have <o:Security> header. 6. Mutual Certificate, WSS1.1 binding in the message example has the <e:ReferenceList> outside of <e:EncryptedKey> but it needs to be inside <e:EncryptedKey> because the <EncryptedData> inside <soap-env:Body> does not have <KeyInfo>. 7. Mutual Certificate, WSS 1.1 binding description should be updated because it does not use derived keys in the message examples but the description suggests usage of derived keys. 8. The titles for SAML 1.1 client <-> service binding should be changed as follows: 1. Issued SAML 1.1 Token -> Issued SAML 1.1 Token for Certificate, WSS 1.0 2. Issued SAML 1.1 Token for Certificate -> Issued SAML 1.1 Token for Certificate, WSS 1.1 9. Issued SAML 2.0 client <-> service binding does not have message samples 10. Delegated SAML 2.0 with Certificate for SAML 2.0 HoK, WSS 1.1 binding does not have <u:Timestamp> in <wsse:Security> header. The response does not have <o:Security> header. Thanks, --Jan
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]