Protocol: ws-securitypolicy
Artifact: spec / schema
Type: design
Title: Move capability assertions (e.g., MustNotSendCancel, MustNotSendRenew, etc.) which are properties of the STS not the token, into WS-Trust assertion
Description:
section 5.4.5:
The SpnegoContextToken includes STS capabilities assertions, e.g., MustNotSendCancel, MustNotSendRenew, etc., which are properties of the STS not the token. This tight coupling between the token and the STS server requires the list of assertions be adjusted.
section 5.4.7:
The SecureConversationTokens includes STS capabilities assertions which are properties of the STS not the token. This tight coupling between the token and the STS server requires the list of assertions be adjusted
Related issues:
None.
Proposed Resolution:
Fold these STS capability assertions into WS-Trust assertion