
wsfed message



Subject: New Issue: Clarification of RST construction with wreq, wreqptr and parameters


There is some ambiguity between wreq and wreqptr and how the parameters relate to RST construction. The current text is a little confusing, so I propose we fix that as follows.

The spec says this about wreq:
wreq

This optional parameter specifies a token request using either a <wst:RequestSecurityToken> element or a full request message as described in WS-Trust. If this parameter is not specified, it is assumed that the responding service knows the correct type of token to return. Note that this can contain the same RST payload as used in WS-Trust RST messages.

The spec says this about wreqptr:
wreqptr

This optional parameter specifies a URL for where to find the request (wreq parameter). Note that this does not have a WS-Trust parallel.

Finally the spec has this paragraph:
The RST is logically constructed to process the request. If one is specified either directly or indirectly via wreqptr it is the authoritative source or parameter information. That is, parameters outside of the RST (e.g. wreq, wfresh, wtrealm, …) are used to construct an RST if the RST is not present or if the corresponding RST values are not present.

Proposal
The last paragraph above describes the RST construction process overall and not be limited to just wreqptr. However, the text is confusing; there is no precedence intended of wreqptr over wreq. These are two different request models and were not intended to be used in the same message exchange. Here are the changes to the wreqptr and precedence paragraph that should clarify things. No changes are needed to the description of wreq.

wreqptr

This optional parameter specifies a URL for where to find the request expressed as a <wst:RequestSecurityToken> element (wreq parameter). Note that this does not have a WS-Trust parallel. wreqptr MUST NOT be included in a token request if wreq is present.


The RST is logically constructed to process the request. If one is specified (either directly via wreq or indirectly via wreqptr) it is the authoritative source for parameter information. That is, parameters outside of the RST (e.g. wreq, wfresh, wtrealm, …) are used to construct an RST if the RST is not present or if the corresponding RST values are not present.
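
The proposed rule as a receiver-side check, added here as an example and not part of the original message or the specification: it rejects a request carrying both wreq and wreqptr, then builds the logical RST with RST values taking precedence over outside parameters. The names `build_logical_rst` and `fetch`, the matching by element local name, and the pairing of wtrealm with AppliesTo and wfresh with Freshness are assumptions; the sample RST is constructed.

```python
from urllib.parse import parse_qs
import xml.etree.ElementTree as ET

# Constructed sample RST: it sets AppliesTo only, so freshness must come from wfresh.
SAMPLE_RST = (
    '<wst:RequestSecurityToken'
    ' xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"'
    ' xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"'
    ' xmlns:wsa="http://www.w3.org/2005/08/addressing">'
    '<wsp:AppliesTo><wsa:EndpointReference>'
    '<wsa:Address>https://rp.example/from-rst</wsa:Address>'
    '</wsa:EndpointReference></wsp:AppliesTo>'
    '</wst:RequestSecurityToken>'
)

def _local(tag):
    return tag.rsplit('}', 1)[-1]  # strip the '{namespace}' prefix

def _rst_values(xml_text):
    # Untrusted input: swap in a hardened XML parser in production.
    root = ET.fromstring(xml_text)
    if _local(root.tag) != 'RequestSecurityToken':
        raise ValueError('wreq/wreqptr content is not a RequestSecurityToken')
    found = {}
    for child in root:
        name = _local(child.tag)
        if name == 'AppliesTo':
            addr = next((e.text for e in child.iter()
                         if _local(e.tag) == 'Address' and e.text), None)
            if addr:
                found['realm'] = addr.strip()
        elif name == 'Freshness' and child.text:
            found['freshness'] = child.text.strip()
    return found

def build_logical_rst(query, fetch=None):
    params = {k: v[0] for k, v in parse_qs(query).items()}
    if 'wreq' in params and 'wreqptr' in params:
        raise ValueError('wreqptr MUST NOT be included when wreq is present')
    rst_xml = params.get('wreq')
    if rst_xml is None and 'wreqptr' in params:
        if fetch is None:  # hypothetical caller-supplied dereferencer
            raise ValueError('wreqptr given but no fetcher is configured')
        rst_xml = fetch(params['wreqptr'])  # fetch should allow-list URLs
    rst = _rst_values(rst_xml) if rst_xml else {}
    outside = {'realm': params.get('wtrealm'), 'freshness': params.get('wfresh')}
    # The RST is authoritative; outside parameters only fill what it lacks.
    merged = {k: rst.get(k, v) for k, v in outside.items()}
    return {k: v for k, v in merged.items() if v is not None}
```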
