[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Further comments on WSS 1.1 X509 Token Profile
Here are some further comments on the WSS 1.1 X509 Token Profile CD document[1]. Gudge [1] http://www.oasis-open.org/committees/download.php/13384/wss-v1.1-spec-pr -x509TokenProfile-01.pdf 1. Line 157 - The #ThumbprintSHA1 URI should be added to the table. 2. Line 176. The description against #X509v3 and #X509v1 implies that it only allows certificates that support signature-verification only. Suggest "An X509 vX certificate capable of a signature-verification at a minimum" 3. Line 219 - The parenthetical statement implies that the URI for the X509SubjectKeyIndentifier is http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-x509-token-profi le-1.1#X509SubjectKeyIdentifier and I think it should be http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profi le-1.0#X509SubjectKeyIdentifier 4. Line 248. The ValueType URI column should be changed to #ThumbprintSHA1 to be consistent with WSS1.1 and the text in the following paragraph. 5. Lines 430-431 - In light of Thumbprint support, these lines no longer seem appropriate. Propose they be deleted. 6. Lines 439-476 - In light of 5. propose that this example show use of Thumbprint.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]