[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposal for Issue 78
I propose replacing section 8 with: ----- For a variety of reasons it may be necessary to reference a Security Context Token. These references can be broken into two general categories: references from within the <Security> element, generally used to indicate the key used in a signature or encryption operation and references from other parts of the SOAP envelope, for example to specify a token to be used in some specified way. References within the <Security> element can further be divided into reference to an SCT found within the message and and referenes to a SCT not present in the message. The Security Context Token does not support references to it using key identifiers or key names. All references MUST either use an ID (to a wsu:Id attribute) or a <wsse:Reference> to the <wsc:Identifier> element. {Question: when the <wsc:Identifier> element value is used, is it necessary to also specify the <wsc:Instance> element value, if present to disambiguate the key?} References using an ID are message-specific. References using the <wsc:Identifier> element value are message independant. When an SCT is referenced from outside the <Security> element, a message independant referencing mechanisms MUST be used, to enable a cleanly layered processing model. When an SCT is referenced from within the <Security> element, but the SCT is not present in the message, (presumably because it was transmitted in a previous message) a message independant referencing mechanism MUST be used. When the SCT is referenced from within the <Security> element and is present in the message, a message-specific referencing mechanism MAY be used. [examples] ---- Note the second paragraph is copied from lines 144-146. I suggest deleting these. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]