wss message
Subject: ISSUE 73
- From: Jerry Schwarz <jerry.schwarz@oracle.com>
- To: wss@lists.oasis-open.org
- Date: Tue, 15 Jul 2003 07:16:05 -0700
Resend of message originally sent on June 17 because I never saw any
responses.
---------------------------------
Apologies again for being unable to attend F2F.
From the minutes:
> Issue 73 - What tokens are allowed within Token Reference? Add an embedded reference, but this isn't well defined
- Editors were to make proposal - Jerry's issue (not present)
- Either enumerate or define tokens or non-tokens. Definition of
security tokens but extensible nature leaves this in doubt.
- line 214 defines the definition.
- Is a signature or a security manifest a type of security token?
- No one present could argue that a signature represents a claim.
- mark it closed.
Can someone who supported this decision address the following
questions:
A. Consider

    <wsse:UserNameToken>
      <wsse:UserName>Jerry</wsse:UserName>
    </wsse:UserNameToken>

I presume that people want to consider that a security "token".
Can someone explain to me what the claim is?
Note that since a claim is a "declaration made by an entity" you must
specify both the declaration and the entity.
B. Consider (where the ... represent some agreed security token)

    <wsse:SecurityTokenReference usage="Sender">
      <wsse:Embedded>
        ...
      </wsse:Embedded>
    </wsse:SecurityTokenReference>

Apparently this makes claims (based both on the presence of the usage
attribute and the embedding of whatever makes a claim). Thus B is a
security token and we can recursively embed it.

    <wsse:SecurityTokenReference usage="Sender">
      <wsse:SecurityTokenReference usage="Sender">
        <wsse:Embedded>
          ...
        </wsse:Embedded>
      </wsse:SecurityTokenReference>
    </wsse:SecurityTokenReference>

I don't object to that, but I have had the distinct impression that other
people didn't want to allow such recursive embedding.
Is it agreed that this is allowed by the decision to close 73?
C. Consider the assertion by "Jerry" that "I have seen and approved ....".
According to the dsig draft (sections 8.1.2 and 8.1.3), a signature can be
used to convey that kind of assertion. Can someone who believes signatures
don't make claims explain how this fails to be a claim?