Subject: RE: Interop scenarios document issues
I've posted a new version that has been updated as described below. I have one change left I need to look at more closely to update the description for the mutual cert wss 1.1 binding. Prateek, can you handle the other items?

-----Original Message-----
From: Jan Alexander
Sent: Tuesday, July 11, 2006 1:49 PM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner; Prateek Mishra
Subject: Interop scenarios document issues

I've identified a couple of issues in the current interop scenarios document version:

1. All sample messages need to be updated to use the IssueFinal WS-A action for the RSTRC responses.
   MG: Done. There were a couple of examples with empty soap headers, I did not update those.

2. In some samples (SecureConversation binding for example) the WSS, WSU, WS-SC and WS-Trust namespaces are not using the right URIs.
   1. The namespaces table and some message samples use the interim WSS 1.1 namespace before WSS 1.1 was finalized (http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd) instead of using the final WSS 1.1 namespace (http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd).
      MG: Done.
   2. The same issue is with @ValueType URIs in STR <Reference> when referencing encrypted keys and when using ThumbprintSHA1 or EncryptedKeySHA1 @ValueType in <KeyIdentifier>.
      MG: I think I got these, please double check.

3. The Username for SAML 1.1 Bearer Token, WSS 1.0 binding does not have <u:Timestamp> in <wsse:Security> header. The response does not have <o:Security> header.
   MG: Prateek can you take this one?

4. The Certificate for SAML 1.1 HoK Token, WSS 1.0 binding does not make much sense as the client does not prove possession of the X.509 certificate private key to the STS when sending the RST.
   MG: I'm not sure how to address this. Prateek?

5. The Certificate for SAML 1.1 HoK Token, WSS 1.0 binding does not have <u:Timestamp> in <wsse:Security> header. The response does not have <o:Security> header.
   MG: Prateek can you take this one?

6. Mutual Certificate, WSS1.1 binding in the message example has the <e:ReferenceList> outside of <e:EncryptedKey> but it needs to be inside <e:EncryptedKey> because the <EncryptedData> inside <soap-env:Body> does not have <KeyInfo>.
   MG: Done, please double check.

7. Mutual Certificate, WSS 1.1 binding description should be updated because it does not use derived keys in the message examples but the description suggests usage of derived keys.
   MG: I need to look at this one more closely to get this right.

8. The titles for SAML 1.1 client <-> service binding should be changed as follows:
   1. Issued SAML 1.1 Token -> Issued SAML 1.1 Token for Certificate, WSS 1.0
   2. Issued SAML 1.1 Token for Certificate -> Issued SAML 1.1 Token for Certificate, WSS 1.1
   MG: Done

9. Issued SAML 2.0 client <-> service binding does not have message samples.
   MG: Prateek?

10. Delegated SAML 2.0 with Certificate for SAML 2.0 HoK, WSS 1.1 binding does not have <u:Timestamp> in <wsse:Security> header. The response does not have <o:Security> header.
    MG: Prateek?

Thanks,
--Jan
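
Issues 2 and 6 in the message above can be checked mechanically across sample messages. The following Python check is an added example, not part of the original thread or the interop document; the two message skeletons are constructed and simplified, and treating every interim URI as sharing the `http://docs.oasis-open.org/wss/2005/xx/` prefix is an assumption drawn from the one interim namespace quoted above.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Assumption: interim WSS 1.1 URIs all share the prefix of the one quoted in issue 2.
INTERIM_WSS11 = "http://docs.oasis-open.org/wss/2005/xx/"

def check_message(xml_text):
    """Return a list of findings for one sample SOAP message."""
    findings = []
    # Issue 2: an interim WSS 1.1 URI left in a namespace or @ValueType.
    if INTERIM_WSS11 in xml_text:
        findings.append("interim WSS 1.1 URI present")
    root = ET.fromstring(xml_text)
    # Ids referenced by a ReferenceList nested inside an EncryptedKey.
    covered = set()
    for key in root.iter(f"{{{XENC}}}EncryptedKey"):
        for ref in key.iterfind(f"{{{XENC}}}ReferenceList/{{{XENC}}}DataReference"):
            uri = ref.get("URI", "")
            if uri.startswith("#"):
                covered.add(uri[1:])
    # Issue 6: EncryptedData without KeyInfo can only be tied to its key
    # through a ReferenceList inside that EncryptedKey.
    for data in root.iter(f"{{{XENC}}}EncryptedData"):
        no_keyinfo = data.find(f"{{{DSIG}}}KeyInfo") is None
        if no_keyinfo and data.get("Id") not in covered:
            findings.append(f"EncryptedData '{data.get('Id')}' has no KeyInfo "
                            "and no EncryptedKey references it")
    return findings

# Constructed, simplified skeletons (not taken from the interop document).
BEFORE = """<Envelope xmlns:e="http://www.w3.org/2001/04/xmlenc#"
  xmlns:k="http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd">
 <Header><Security>
  <e:EncryptedKey Id="ek"/>
  <e:ReferenceList><e:DataReference URI="#body"/></e:ReferenceList>
 </Security></Header>
 <Body><e:EncryptedData Id="body"/></Body></Envelope>"""

AFTER = """<Envelope xmlns:e="http://www.w3.org/2001/04/xmlenc#"
  xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
 <Header><Security>
  <e:EncryptedKey Id="ek">
   <e:ReferenceList><e:DataReference URI="#body"/></e:ReferenceList>
  </e:EncryptedKey>
 </Security></Header>
 <Body><e:EncryptedData Id="body"/></Body></Envelope>"""
```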