Subject: RE: [ws-sx] Issue ER008: Applicability of TokenInclusion Values for various security tokens
I disagree with the proposal because I don’t believe we should be profiling the use of WS-SecurityPolicy assertions for specific scenarios. I believe that this work belongs to a group that is specifically chartered to do such work for a specific usage domain of WS-SecurityPolicy. Since we are providing a generic framework for specifying the security requirements for SOAP message exchanges and we haven’t done any formal work in collecting all the possible scenarios where this framework can be used (I actually don’t think it is feasible to collect all such scenarios across all the domains), I don’t believe we should be recommending or constraining the inclusion mode values in a way that is proposed below.
On a technical level, I don’t agree with the use cases below because in some scenarios the SAML token is actually used to authenticate a recipient to an initiator, in which case setting inclusion mode on the SamlToken assertion to AlwaysToInitiator is needed. In some scenarios you might want to use a username token to authenticate the recipient to the initiator, so again setting the inclusion mode to AlwaysToInitiator makes sense.