OASIS Mailing List Archives

ws-sx message



Subject: Interop scenarios document issues


I've identified a couple of issues in the current interop scenarios
document version:

1. All sample messages need to be updated to use the IssueFinal WS-A
action for the RSTRC responses 

2. In some samples (SecureConversation binding for example) the WSS,
WSU, WS-SC and WS-Trust namespaces are not using the right URIs. 

	1. The namespaces table and some message samples use the interim
WSS 1.1 namespace before WSS 1.1 was finalized
(http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd)
instead of using the final WSS 1.1 namespace
(http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd).

	2. The same issue is with @ValueType URIs in STR <Reference>
when referencing encrypted keys and when using ThumbprintSHA1 or
EncryptedKeySHA1 @ValueType in <KeyIdentifier>.

3. The Username for SAML 1.1 Bearer Token, WSS 1.0 binding does not have
<u:Timestamp> in <wsse:Security> header. The response does not have
<o:Security> header.

4. The Certificate for SAML 1.1 HoK Token, WSS 1.0 binding does not make
much sense as the client does not prove possession of the X.509
certificate private key to the STS when sending the RST.

5. The Certificate for SAML 1.1 HoK Token, WSS 1.0 binding does not have
<u:Timestamp> in <wsse:Security> header. The response does not have
<o:Security> header.

6. Mutual Certificate, WSS1.1 binding in the message example has the
<e:ReferenceList> outside of <e:EncryptedKey> but it needs to be inside
<e:EncryptedKey> because the <EncryptedData> inside <soap-env:Body> does
not have <KeyInfo>. 

7. Mutual Certificate, WSS 1.1 binding description should be updated
because it does not use derived keys in the message examples but the
description suggests usage of derived keys. 

8. The titles for SAML 1.1 client <-> service binding should be changed
as follows:

	1. Issued SAML 1.1 Token -> Issued SAML 1.1 Token for
Certificate, WSS 1.0

	2. Issued SAML 1.1 Token for Certificate -> Issued SAML 1.1
Token for Certificate, WSS 1.1

9. Issued SAML 2.0 client <-> service binding does not have message
samples

10. Delegated SAML 2.0 with Certificate for SAML 2.0 HoK, WSS 1.1
binding does not have <u:Timestamp> in <wsse:Security> header. The
response does not have <o:Security> header.

Thanks,
--Jan
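
A structural check for items 2, 3/5/10 and 6 of the message above, as an added example that is not part of the original message or of the interop document. The function name `lint`, the finding codes and the two sample envelopes are constructed for illustration; the `o`, `u`, `e` prefixes follow the message and are bound to the published WSS 1.0 and XML Encryption namespaces, and the check assumes interim `@ValueType` URIs share the `/wss/2005/xx/` path of the interim namespace.

```python
import xml.etree.ElementTree as ET

O = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
U = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
E = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"o": O, "u": U, "e": E, "ds": DS}
# Path prefix of the interim WSS 1.1 namespace quoted in item 2.1. Assumption:
# the interim @ValueType URIs of item 2.2 share this prefix.
INTERIM = "http://docs.oasis-open.org/wss/2005/xx/"

def lint(xml_text):
    """Return finding codes for one SOAP message (items 2, 3/5/10 and 6)."""
    root = ET.fromstring(xml_text)
    findings = []
    if INTERIM in xml_text:  # catches xmlns declarations and attribute values
        findings.append("interim-wss11-uri")
    sec = next(root.iter("{%s}Security" % O), None)
    if sec is None:
        findings.append("no-security-header")
    elif sec.find("u:Timestamp", NS) is None:
        findings.append("no-timestamp")
    # Item 6: EncryptedData without KeyInfo can only be tied to its key by a
    # DataReference in a ReferenceList that sits inside the EncryptedKey.
    keyed = {r.get("URI") for r in
             root.findall(".//e:EncryptedKey/e:ReferenceList/e:DataReference", NS)}
    for ed in root.iter("{%s}EncryptedData" % E):
        if ed.find("ds:KeyInfo", NS) is None and "#" + ed.get("Id", "") not in keyed:
            findings.append("unkeyed-encrypted-data:" + ed.get("Id", "?"))
    return findings

# Constructed sample messages (not taken from the interop document); key and
# cipher content is omitted because the checks only look at structure.
REFS = '<e:ReferenceList><e:DataReference URI="#body-1"/></e:ReferenceList>'
TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:o="%s"'
    ' xmlns:u="%s" xmlns:e="%s" xmlns:k="{wss11}"><s:Header><o:Security>{ts}'
    '<e:EncryptedKey>{inside}</e:EncryptedKey>{outside}</o:Security></s:Header>'
    '<s:Body><e:EncryptedData Id="body-1"/></s:Body></s:Envelope>' % (O, U, E))
BAD = TEMPLATE.format(wss11=INTERIM + "oasis-2005xx-wss-wssecurity-secext-1.1.xsd",
                      ts="", inside="", outside=REFS)
GOOD = TEMPLATE.format(wss11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
                       ts="<u:Timestamp/>", inside=REFS, outside="")

if __name__ == "__main__":
    print(lint(BAD))
    print(lint(GOOD))
```

Run against untrusted input, the parser should be swapped for a hardened one such as `defusedxml`, since the standard library parser does not limit entity expansion on older Python builds.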


