Issue 161
From: Symon Chang
[mailto:sychang@bea.com]
Sent: Monday, February 04, 2008 1:12 PM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner
Subject: NEW Issue: Add <sp:RequireAsync /> into sp:Trust13
assertion
PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.
The issues coordinators will notify the list when that has occurred.
Protocol: ws-sp
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/24534/ws-securitypolicy-1.2-spec-os.pdf
Artifact: policy
Type: design
Title: Add <sp:RequireAsync /> into sp:Trust13 assertion
In the WS-SecureConversation, when use WS-Trust to establish the connection, the current WS-SecurityPolicy does not define how the WS-Trust communication between the STS and the requester should be done. While the default is in synchronous mode, the WS-Trust spec does allow using synchronous mode to exchange the token.
By adding sp:RequireAsync into existing sp:Trust13 assertion, can make the use of asynchronous or synchronous mode become policy driven.
It is proposed to change the syntax of sp:Trust13 with one more element after line 2691:
<sp: RequireAsync
/>?
With the following text for the description:
“/sp:Trust13/wsp:Policy/sp:RequireAsync
This optional element is a policy assertion that indicates that the STS request
and response should use a synchronous mode. When this assertion is missing, the default
behavior is synchronous mode.”
Symon Chang
BEA Systems
Notice: This email message, together with any attachments, may contain
information of BEA Systems, Inc., its subsidiaries and affiliated entities,
that may be confidential, proprietary, copyrighted and/or legally privileged,
and is intended solely for the use of the individual or entity named in this
message. If you are not the intended recipient, and have received this message
in error, please immediately return this by email and then delete it.