Subject: Issue 24: TokenIssuerMetadata Element


Issue 24

 

From: Marc Goodner [mailto:mgoodner@microsoft.com]
Sent: Friday, April 25, 2008 11:16 AM
To: wsfed@lists.oasis-open.org
Subject: [wsfed] New Issue: TokenIssuerMetadata Element

 

Since the WS-Trust endpoints of a service are already described thoroughly in WSDL, it is desirable to reference WSDL for a description of the token issuer endpoints. WSDL/MEX may be referenced from within the existing structure of EPRs, or with a new element specifically intended for token issuer metadata. The existing TokenIssuerEndpoints uses a list of EPRs and requires listing at least one token issuer endpoint address. Endpoint addresses in these EPRs are duplicates of the endpoint addresses specified in the linked WSDL, so this method unnecessarily duplicates information that may already be found in the WSDL.

This analysis presumes that given a WSDL, it is relatively easy to disambiguate the token issuer endpoints from the other services and endpoints in the WSDL. If an implementation assumes that the WS-Trust Issue endpoints represent the token issuer endpoints, then the WS-Trust endpoints may be discerned based on standardized names and namespaces. The current definition allows use of EPRs with metadata references or locations. The mex:Location element may be used to specify a reference within another MEX section.

Proposal:
Add new section following section 3.1.6 TokenIssuerEndpoints Element

3.1.x TokenIssuerMetadata Element

The optional <fed:TokenIssuerMetadata> element allows a federation metadata provider to specify the metadata corresponding to its token issuing service (or addresses for functionally equivalent security token services) which can be referenced by federated partners when requesting tokens from it. This element populates the [Federation Metadata] property. This is specified by token issuers and security token services. This is a service-level statement.
The schema for this optional element is shown below.

<fed:TokenIssuerMetadata>
  <mex:Metadata> … </mex:Metadata>
</fed:TokenIssuerMetadata>
The content of this element is a Metadata element as defined by [WS-MetadataExchange], providing a representation of the metadata for the issuer STS (or functionally equivalent STS endpoints).

This element allows attributes to be added so long as they do not alter the semantics defined in this specification.
The following example illustrates using this optional element to specify a metadata address for the token issuing STS of an organization. This address may be used to look up the endpoint address for the STS.

<fed:TokenIssuerMetadata>
  <mex:Metadata>
    <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
      <mex:MetadataReference>
        <wsa:Address>https://fabrikam.com/identityserver/trust/mex</wsa:Address>
      </mex:MetadataReference>
    </mex:MetadataSection>
  </mex:Metadata>
</fed:TokenIssuerMetadata>
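As an added example that is not part of Marc's post or of the WS-Federation specification, the following Python shows what a relying party does with this element once it receives a partner's federation metadata: it locates fed:TokenIssuerMetadata with a namespace-aware parser (so the mex/wsx prefix choice of the partner does not matter), keeps only MetadataSections in the MEX dialect, trims the wsa:Address, and then decides whether that address may be dereferenced at all. The WS-Federation namespace URI "http://docs.oasis-open.org/wsfed/federation/200706", the WS-Addressing 2005/08 namespace, the function names and the allow-list policy are assumptions of this example; the sample documents are constructed.

```python
"""Added example (not part of the original post or of WS-Federation):
extract the WS-MetadataExchange reference carried by fed:TokenIssuerMetadata
and decide whether a relying party should dereference it.

Assumed namespaces (not stated in the post): WS-Federation 1.2
"http://docs.oasis-open.org/wsfed/federation/200706" and WS-Addressing 2005/08.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",  # assumed
    "mex": "http://schemas.xmlsoap.org/ws/2004/09/mex",
    "wsa": "http://www.w3.org/2005/08/addressing",  # assumed
}
MEX_DIALECT = "http://schemas.xmlsoap.org/ws/2004/09/mex"

# Constructed sample: the element from the proposal with namespace declarations
# added. The reference deliberately uses a second prefix (wsx) for the MEX
# namespace to show that a namespace-aware parser ignores prefix choice.
SAMPLE = """<fed:TokenIssuerMetadata
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
    xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
    xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <mex:Metadata>
    <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
      <wsx:MetadataReference>
        <wsa:Address> https://fabrikam.com/identityserver/trust/mex </wsa:Address>
      </wsx:MetadataReference>
    </mex:MetadataSection>
  </mex:Metadata>
</fed:TokenIssuerMetadata>
"""

# Constructed sample whose only section is in another dialect (e.g. inline
# WSDL); it carries no MEX reference to follow.
SAMPLE_NO_REFERENCE = """<fed:TokenIssuerMetadata
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex">
  <mex:Metadata>
    <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/wsdl/"/>
  </mex:Metadata>
</fed:TokenIssuerMetadata>
"""


def issuer_metadata_addresses(xml_text: str) -> list[str]:
    """Return the trimmed wsa:Address of every MetadataReference found under
    fed:TokenIssuerMetadata, considering only MetadataSections whose Dialect
    is the MEX dialect (a WSDL or policy section has no reference to follow)."""
    root = ET.fromstring(xml_text)
    tim_tag = "{%s}TokenIssuerMetadata" % NS["fed"]
    # The element may be the document root or nested inside a larger metadata document.
    elements = ([root] if root.tag == tim_tag else []) + root.findall(".//fed:TokenIssuerMetadata", NS)
    addresses: list[str] = []
    for tim in elements:
        for section in tim.findall("./mex:Metadata/mex:MetadataSection", NS):
            if section.get("Dialect") != MEX_DIALECT:
                continue
            for addr in section.findall("./mex:MetadataReference/wsa:Address", NS):
                text = (addr.text or "").strip()  # the proposal's own example has surrounding spaces
                if text:
                    addresses.append(text)
    return addresses


def is_acceptable_reference(address: str, allowed_hosts: set[str]) -> bool:
    """Dereference only https addresses on a host already trusted for this
    partner: the address comes from a document the partner (or whoever
    altered it in transit or at rest) controls, so it is untrusted input."""
    parts = urlparse(address)
    if parts.scheme != "https" or not parts.hostname or parts.username or parts.password:
        return False
    return parts.hostname.lower() in {h.lower() for h in allowed_hosts}


if __name__ == "__main__":
    for address in issuer_metadata_addresses(SAMPLE):
        verdict = "follow" if is_acceptable_reference(address, {"fabrikam.com"}) else "reject"
        print(f"{verdict}: {address}")
```

The allow-list is the design point: the metadata location tells the relying party where to fetch the STS description (and, from there, which endpoints and keys to trust), so a partner's metadata document should never be able to redirect that fetch to an arbitrary host or over plain http. Keying the list on hosts already configured for the partner keeps a tampered document from widening trust.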
