Subject: [wss] [wsse] Comments and Issues
I have the following comments, issues and questions on WS_Security Core, Draft 3.

Lines 180 to 184: It is not clear to me whether this definition is meant to describe a case of delegation where the client and sender are two different entities or whether the sender is the channel acting on behalf of a client. From the definition on lines 217 to 223 it appears that delegation is not intended. Either way I believe this paragraph should be clarified.

Line 294: Should read Lines (005) to (009) ..

Line 461: I believe that this line should read - "This required element specifies the username of the authenticated party or the party to be authenticated" NOT "of the authenticating party." A clarifying question - am I correct in believing that this specification does not intend to prohibit the receiving party from using the username and password to authenticate the client?

Lines 534 & 535: I believe that these lines should read " ... binary or XML tokens ..", not just "binary tokens".

Lines 575 to 588: Are these lines needed since we RECOMMEND that Exclusive Canonicalization be used?

Section 6.3.2: We say in the WSS-SAML specification to use the assertion id to reference SAML tokens, not to use the wsu:Id and license id for XrML? This section should state this and shouldn't unequivocally use "SHOULD" for the wsu:id attribute.

Section 7.1 & 7.2: These sections also don't mention assertion id's for SAML and license id's for XrML.

Section 7.4: This section only discusses BinarySecurityTokens. SAML also has a KeyInfo token.

Don