Issue 22
From: Marc Goodner
[mailto:mgoodner@microsoft.com]
Sent: Friday, April 25, 2008 11:10 AM
To: wsfed@lists.oasis-open.org
Subject: [wsfed] New Issue: TargetScopes Element
When
adding an RP or FP, the IP must know what URI name values to expect to receive
in the AppliesTo element of an RST or the wtrealm parameter of a wsignout1.0
message (as defined in section 13).
There is no existing element to express this value. The TargetScopes element is proposed to address this gap.
Proposal:
Add a new section preceding the example document section 3.1.16.
3.1.xx TargetScopes Element
The [WS-Trust] protocol allows a token requester to indicate the target where
the issued token will be used (i.e., token scope) by using the optional element
wsp:AppliesTo in the RST message. To communicate the supported wsp:AppliesTo
(wtrealm values in passive requestor scenarios) for a realm, federated metadata
provides the <fed:TargetScopes> element to indicate
the EPRs that are associated with token scopes of the relying party or STS.
Note that an RP or STS MAY be capable of supporting other wsp:AppliesTo values.
This element populates the [Federation Metadata] property. This is typically a
service-level statement.
The schema for this optional element is shown below.
<fed:TargetScopes ...>
<wsa:EndpointReference>
...
</wsa:endpointReference> +
</fed:TargetScopes>
The
following example illustrates using this optional element to specify a logical name
of the federating organization as a token issuer.
<fed:TargetScopes >
<wsa:EndpointReference>
<wsa:Address> http://fabrikam.com/federation/corporate </wsa:Address>
</wsa:endpointReference>
</fed:TargetScopes >