Subject: [wss] Username password token definition
I'd like to raise the following use-case-related issues with Working Draft 3 of the core.

Section 6.1 Usernames and Passwords, beginning at line 422, defines the use of the <wsse:UsernameToken> element "as a way of providing a username and optional password information". The definition of this token makes no mention of its potential value in defining the key to support the signing or encryption of the attached SOAP message. I realize that the core document is intended to serve as a framework, but it seems less than obvious from the description that these tokens could be used to identify a signing (or encryption) key, which perhaps is the most significant use case that features such tokens.

The example in section 3.4, beginning at line 248, seems to depict the use of such tokens (as revealed by lines 299-300) as a means to carry a password-derived signing key. However, the importance of this example warrants further discussion in section 6.1.

I am concerned that the degree to which such use cases are difficult to intuit from the specification is limiting our ability to determine the specification's readiness to support interoperability, and to raise issues where it is not. The "core" use cases must be clearly spelled out, and the individual bindings documents must each define their related use cases.

Ron