Subject: RE: [wss-comment] recursive Security Token References


Please see lines 903-904 of
http://www.oasis-open.org/committees/download.php/13397/wss-v1.1-spec-pr-SOAPMessageSecurity-01.pdf.
In light of those lines, do you still
think we need to strengthen the language?  (Note that the language on
those lines clarifies that we are pointing to a *token*, not *token
reference*.)

&Thomas.

] -----Original Message-----
] From: Conor P. Cahill [mailto:concahill@aol.com]
] Sent: Wednesday, August 31, 2005 2:40 PM
] To: Tech Rams
] Cc: wss-comment@lists.oasis-open.org; wss@lists.oasis-open.org
] Subject: RE: [wss-comment] recursive Security Token References
] 
] 
] 
] Tech Rams wrote on 8/31/2005, 5:07 PM:
] 
]  > I have one doubt...
]  > this requirement could be used in one of two cases
]  > 1. across wsse:security headers
]  > 2. within one wsse:security header
]  >
]  > In case of 1, I am not sure about the wisdom of cross
]  > referencing as security headers could potentially be
]  > deleted as they are processed.
]  > In case of 2, it means that a particular security
]  > header is being updated by different entities - which
]  > again I am not sure is a good idea.
] 
] Our intended use is outside of wsse:Security, but in an
] area that is related -- a response from a service that
] includes security tokens for different service invocation
] endpoints that may use the same token.  So we wanted
] to reuse the STR to embed a token in the response and
] to allow another portion of the response to refer to
] the STR with the embedded token.
] 
] Our intended use aside, I think that the TC should
] take from this discussion that the language in this
] area is *not* as clear as some think.  I'm not the
] only one who read the spec and didn't see a restriction
] on using an STR to refer to another STR.
] 
] So if the WSS really believes that the current document
] forbids an STR from referring to an STR, then a
] statement along the lines of "A SecurityTokenReference
] MUST NOT reference another SecurityTokenReference" should
] be added.
] 
] If the WSS also wanted to support our intended usage,
] the statement could be loosened a bit to say: "STRs
] appearing in a wsse:Security header MUST not
] reference another STR".
] 
] Conor
] 
] 
] 
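
The two wordings proposed in the quoted message (no STR may reference another STR, or only STRs inside a wsse:Security header may not) can be checked mechanically. The following is an added example, not part of the thread or of any WSS implementation; the sample message, its wsu:Id values and the ex:Response element are constructed, and only same-document "#id" references resolved through wsu:Id are followed.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
STR, REF, SEC = (f"{{{WSSE}}}{n}" for n in ("SecurityTokenReference", "Reference", "Security"))
WSU_ID = f"{{{WSU}}}Id"

def str_to_str_references(xml_text):
    """Return (source_id, target_id, source_in_security_header) for every
    STR whose direct wsse:Reference resolves to another STR."""
    by_id, strs = {}, []            # wsu:Id -> element; (STR element, inside wsse:Security?)

    def walk(elem, in_sec):
        in_sec = in_sec or elem.tag == SEC
        if WSU_ID in elem.attrib:
            by_id[elem.get(WSU_ID)] = elem
        if elem.tag == STR:
            strs.append((elem, in_sec))
        for child in elem:
            walk(child, in_sec)

    walk(ET.fromstring(xml_text), False)
    findings = []
    for elem, in_sec in strs:
        ref = elem.find(REF)        # direct child only; an Embedded token is not a reference
        uri = ref.get("URI", "") if ref is not None else ""
        if not uri.startswith("#"):
            continue                # absent or external reference: out of scope here
        target = by_id.get(uri[1:])
        if target is not None and target.tag == STR:
            findings.append((elem.get(WSU_ID), uri[1:], in_sec))
    return findings

# Constructed sample: one STR embeds a token in the body; other STRs point at it or at the token.
SAMPLE = f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ex="urn:example">
 <s:Header><wsse:Security>
  <wsse:SecurityTokenReference wsu:Id="str-ok"><wsse:Reference URI="#tok-1"/></wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference wsu:Id="str-hdr"><wsse:Reference URI="#str-embedded"/></wsse:SecurityTokenReference>
 </wsse:Security></s:Header>
 <s:Body><ex:Response>
  <wsse:SecurityTokenReference wsu:Id="str-embedded"><wsse:Embedded>
   <wsse:BinarySecurityToken wsu:Id="tok-1">PLACEHOLDER</wsse:BinarySecurityToken>
  </wsse:Embedded></wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference wsu:Id="str-body"><wsse:Reference URI="#str-embedded"/></wsse:SecurityTokenReference>
 </ex:Response></s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    for src, dst, in_sec in str_to_str_references(SAMPLE):
        print(f"{src} -> {dst} ({'inside' if in_sec else 'outside'} wsse:Security)")
```

Under the strict wording both findings are violations; under the looser wording only the entry flagged as inside wsse:Security is.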
