ws-sx message

Subject: Issue PR029: Move capability assertions (e.g., MustNotSendCancel,MustNotSendRenew, etc.) which are properties of the STS not the token, intoWS-Trust assertion

From: Greg Carpenter <gregcarp@microsoft.com>
To: "ws-sx@lists.oasis-open.org" <ws-sx@lists.oasis-open.org>
Date: Mon, 16 Apr 2007 07:18:37 -0700

[[ gleaned from the spreadsheet of SP PR comments posted at http://lists.oasis-open.org/archives/ws-sx-comment/200704/msg00000.html ]]

Protocol: ws-securitypolicy

http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-cd-02-diff.pdf

Artifact: spec / schema

Type: design

Title: Move capability assertions (e.g., MustNotSendCancel, MustNotSendRenew, etc.) which are properties of the STS not the token, into WS-Trust assertion

Description:

section 5.4.5:
The SpnegoContextToken includes STS capabilities assertions, e.g., MustNotSendCancel, MustNotSendRenew, etc., which are properties of the STS not the token. This tight coupling between the token and the STS server requires the list of assertions be adjusted.
section 5.4.7:
The SecureConversationTokens includes STS capabilities assertions which are properties of the STS not the token. This tight coupling between the token and the STS server requires the list of assertions be adjusted

Related issues:

None.

Proposed Resolution:

Fold these STS capability assertions into WS-Trust assertion

Follow-Ups:
- [internal] RE: Issue PR029: Move capability assertions (e.g.,MustNotSendCancel, MustNotSendRenew, etc.) which are properties of the STSnot the token, into WS-Trust assertion
  - From: Paul Cotton <Paul.Cotton@microsoft.com>