Subject: Re: [ws-sx] Issue 101: Need additional SamlToken Assertion Elements for Holder-of-Key and Sender-Vouches
+1 on adopting one of Rich's proposals (TC to determine which)

This was one of the issues I noted with regard to the Interop document when attempting to craft policy statements for the interop scenarios:

"- how to state confirmation method requirement in policy (e.g. HoK for SAML tokens)"

See <http://www.oasis-open.org/apps/org/workgroup/ws-sx/email/archives/200607/msg00068.html>

regards, Frederick

Frederick Hirsch
Nokia

On Aug 9, 2006, at 9:38 AM, ext Marc Goodner wrote:

> Issue 101.
>
> -----Original Message-----
> From: Rich Levinson [mailto:rich.levinson@oracle.com]
> Sent: Tuesday, August 08, 2006 6:25 PM
> To: ws-sx@lists.oasis-open.org; Marc Goodner
> Subject: NEW Issue: Need additional SamlToken Assertion Elements for Holder-of-Key and Sender-Vouches
>
> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.
> The issues coordinators will notify the list when that has occurred.
>
> Protocol: ws-sp
> http://www.oasis-open.org/committees/download.php/18837/ws-securitypolicy-1.2-spec-ed-01-r07.pdf
>
> Artifact: spec
>
> Type: design
>
> Title:
> Need additional SamlToken Assertion Elements for Holder-of-Key and Sender-Vouches
>
> Description:
> Comparable to the level of granularity defined for UsernameToken Assertions (lines 854-861 (NoPassword, HashPassword)) and X509Token Assertions (lines 1004-1024 several token types), the SamlToken Assertion needs token types of sender-vouches and holder-of-key defined. As in the Username and X509 token cases, the WS 1.0 and WS 1.1 Saml Token profiles identify these token types as explicit use cases that the profile supports.
>
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf
> see line 495
>
> http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
> see line 672
>
> Related issues: None
>
> Proposed Resolution:
>
> Add the following lines after line 1322 in section 5.3.8:
>
> /sp:SamlToken/wsp:Policy/sp:WssSamlHolderOfKey
> This optional element identifies that a SAML holder-of-key token should be used as defined in [WSS: SAML Token Profile 1.0, 1.1].
>
> /sp:SamlToken/wsp:Policy/sp:WssSamlSenderVouches
> This optional element identifies that a SAML sender-vouches token should be used as defined in [WSS: SAML Token Profile 1.0, 1.1].
>
> The above proposal would require 2 elements to fully define the required token. An alternative approach would be to explicitly define the 2 tokens for all 3 supported versions as follows:
>
> /sp:SamlToken/wsp:Policy/sp:WssSamlV11Token10HolderOfKey
> This optional element identifies that a SAML Version 1.1 holder-of-key token should be used as defined in [WSS: SAML Token Profile 1.0].
>
> /sp:SamlToken/wsp:Policy/sp:WssSamlV11Token10SenderVouches
> This optional element identifies that a SAML Version 1.1 sender-vouches token should be used as defined in [WSS: SAML Token Profile 1.0].
>
> /sp:SamlToken/wsp:Policy/sp:WssSamlV11Token11HolderOfKey
> This optional element identifies that a SAML Version 1.1 holder-of-key token should be used as defined in [WSS: SAML Token Profile 1.1].
>
> /sp:SamlToken/wsp:Policy/sp:WssSamlV11Token11SenderVouches
> This optional element identifies that a SAML Version 1.1 sender-vouches token should be used as defined in [WSS: SAML Token Profile 1.1].
>
> /sp:SamlToken/wsp:Policy/sp:WssSamlV20Token11HolderOfKey
> This optional element identifies that a SAML Version 2.0 holder-of-key token should be used as defined in [WSS: SAML Token Profile 1.1].
>
> /sp:SamlToken/wsp:Policy/sp:WssSamlV20Token11SenderVouches
> This optional element identifies that a SAML Version 2.0 sender-vouches token should be used as defined in [WSS: SAML Token Profile 1.1].
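An added example, not part of this thread or of the WS-SX TC's work, showing how a relying party could enforce the confirmation-method requirement that Rich's first proposal lets a policy state: it maps the proposed sp:WssSamlHolderOfKey / sp:WssSamlSenderVouches elements (hypothetical, since they were only proposed here) to SAML confirmation-method URIs and rejects a token whose SubjectConfirmation does not match. The sp: namespace URI and the sample policy and assertion are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Namespaces: the sp: URI is an assumption (WS-SP 1.2 final); the others are the standard ones.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion"
HOK11, SV11 = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key", "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
HOK20, SV20 = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key", "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"
# Proposed (hypothetical, not adopted) policy elements -> confirmation-method URIs they would require.
REQUIREMENTS = {"WssSamlHolderOfKey": {HOK11, HOK20}, "WssSamlSenderVouches": {SV11, SV20}}

def required_methods(policy_xml):
    """Confirmation-method URIs allowed by the sp:SamlToken nested policy (empty if unstated)."""
    allowed = set()
    for elem in ET.fromstring(policy_xml).iter():
        if elem.tag.startswith("{%s}" % SP):
            allowed |= REQUIREMENTS.get(elem.tag.split("}", 1)[1], set())
    return allowed

def presented_methods(assertion_xml):
    """ConfirmationMethod URIs of a SAML 1.x assertion, or Method attributes of a SAML 2.0 one."""
    root = ET.fromstring(assertion_xml)
    methods = {(cm.text or "").strip() for cm in root.iter("{%s}ConfirmationMethod" % SAML11)}
    methods |= {sc.get("Method", "") for sc in root.iter("{%s}SubjectConfirmation" % SAML20)}
    return methods

def token_satisfies_policy(policy_xml, assertion_xml):
    """Strict check: the policy must state a method, the token must state one, and every
    method the token offers must be one the policy allows (a silent policy rejects everything)."""
    allowed, offered = required_methods(policy_xml), presented_methods(assertion_xml)
    return bool(allowed) and bool(offered) and offered <= allowed

# Constructed sample policy: the existing sp:WssSamlV11Token11 assertion plus the proposed element.
POLICY_HOK = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SamlToken><wsp:Policy><sp:WssSamlV11Token11/><sp:WssSamlHolderOfKey/></wsp:Policy></sp:SamlToken>
</wsp:Policy>"""

def saml11_assertion(method):
    """Constructed, unsigned SAML 1.1 assertion skeleton carrying one confirmation method."""
    return f"""<saml:Assertion xmlns:saml="{SAML11}" MajorVersion="1" MinorVersion="1">
  <saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>
    <saml:ConfirmationMethod>{method}</saml:ConfirmationMethod>
  </saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(token_satisfies_policy(POLICY_HOK, saml11_assertion(HOK11)))  # True
    print(token_satisfies_policy(POLICY_HOK, saml11_assertion(SV11)))   # False
```

The check only compares the stated method against the policy; a holder-of-key token still needs the proof-of-possession step (signature with the subject's key) performed separately before it is trusted.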