[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wss] [wsse] Comments and Issues
Corrected Lines 180 to 184 per your definition Corrected Line 294 Lines 534 & 535: I don't believe so, we need to discuss Lines 575 to 588: I believe that these are still needed Corrected Section 6.3.2 Section 7.1 & 7.2 Not sure that they should, may want to leave for binding documents Corrected Section 7.4: Pointer to binding documents Anthony Nadalin | work 512.436.9568 | cell 512.289.4122 |---------+----------------------------> | | "Flinn, Don" | | | <Don.Flinn@quadra| | | sis.com> | | | | | | 11/11/2002 05:51 | | | PM | |---------+----------------------------> >----------------------------------------------------------------------------------------------------------------------------------------------| | | | To: wss@lists.oasis-open.org | | cc: | | Subject: [wss] [wsse] Comments and Issues | | | | | >----------------------------------------------------------------------------------------------------------------------------------------------| I have the following comments, issues and questions on WS_Security Core, Draft 3. Lines 180 to 184: It is not clear to me whether this definition is meant to describe a case of delegation where the client and sender are two different entities or whether the sender is the channel acting on behalf or a client. From the definition on lines 217 to 223 it appears that delegation is not intended. Either way I believe this paragraph should be clarified. Line 294: Should read Lines (005) to (009) .. Line 461: I believe that this line should read - "This required element specifies the username of the authenticated party or the party to be authenticated" NOT "of the authenticating party." A clarifying question - am I correct in believing that this specification does not intend to prohibit the receiving party from using the username and password to authenticate the client? Lines 534 & 535: I believe that these lines should read " ... binary or XML tokens ..", not just "binary tokens" Lines 575 to 588: Are these lines needed since we RECOMMEND that Exclusive Canonicalization be used? Section 6.3.2: We say in the WSS-SAML specification to use the assertion id to reference SAML tokens, not to use the wsu:Id and license id for XrML? This section should state this and shouldn't unequivocally use "SHOULD" for the wsu:id attribute. Section 7.1 & 7.2: These sections also don't mention assertion id's for SAML and license id's for XrML. Section 7.4: This section only discusses BinarySecurityTokens. SAML also has a KeyInfo token. Don ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC