OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: editorial comments - X509 token profile draft 5

I have some editorial comments on the X509 token profile

section 2.2 - update wsse, wsu namespaces

Section 3. Do we need this section of Identification,Contact, Description, Updates? If so, it is missing
from the Username profile. It seems better just to remove this.

Section 3.2 proposal:
"X.509 certificates can be conveyed in a ds:KeyInfo element, a BinarySecurityToken element, or referenced
using a ds:X509IssuerSerial ds:KeyInfo element.  When a ds:KeyInfo element is used, it is recommended that it be conveyed as a child of a wsse:Security element, whether to convey certificates or certificate references. When a certificate or certificate chain is conveyed, a wsse:BinarySecurityToken is recommended. This allows receivers to have a single processing model.

The following values are defined for ..."

(Does using certificate references require a ds:KeyInfo processing model anyway?)

Section 3.3
Move 1st two paragraphs of 3.3.1 to 3.3, remove duplicate in 3.3.2. General text about use of SecurityTokenReference and scope regarding certificates.

Section 3.3.2
Use preferred PKIPATH in example?


regards, Frederick
 
Frederick Hirsch
Nokia Mobile Phones

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]