[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss-comment] recursive Security Token References
DeMartini, Thomas wrote on 8/31/2005, 5:52 PM: > Please see lines 903-904 of > http://www.oasis-open.org/committees/download.php/13397/wss-v1.1-spec-pr > -SOAPMessageSecurity-01.pdf. In light of those lines, do you still > think we need to strengthen the language? (Note that the language on > those lines clarifies that we are pointing to a *token*, not *token > reference*.) Yes. I certainly understand how you could read and interpret this as being as restrictive as you say. I also understand and see how others who weren't involved in the generation of this spec could read and interpret this more loosely (looking at an STR with an embedded token as a "logical" security token or, perhaps, reading more into the phrase "where to find" in the first sentence). Others would just say that since it's a reference it could refer to a reference too and since that isn't explictly prohibited, the would assume (and yes, I know what happens when one ASSuMEs) it was allowed. All of that aside, I think we have a good use case for using the STR outside of the scope of the WS-Security header and it would be a good thing if we could reuse the same type. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]