OASIS Mailing List Archives


Subject: RE: [wss] New Issue: SecurityTokenReference/Reference/@ValueType Attribute


On behalf of Grant Goodale:
 
-----Original Message-----
From: Grant Goodale
Sent: Tuesday, November 18, 2003 8:16 AM
To: Eric Gravengaard
Subject: RE: [wss] New Issue: SecurityTokenReference/Reference/@ValueType Attribute

    I found these two attributes a bit confusing as well.  In particular, the implied difference between "normal" and local URIs seems out of place.  My interpretation was that either
 
    a) the ValueType attribute of the Reference element was intended for use in a SecurityTokenReference referring to a token other than a BinarySecurityToken,
 
    b) when referring to a BinarySecurityToken, the ValueType attribute of the Reference element should contain a value indicating as such rather than a value indicating the "value space" of the data contained within the referenced BinarySecurityToken, or
 
    c) there exists some issue with the resolution of local URIs during processing that this attribute was intended to address.
 
    In any event, the descriptive text around Reference/@ValueType seems inadequate.
 
    Regards,
      Grant


From: Michael McIntosh [mailto:mikemci@us.ibm.com]
Sent: Tuesday, November 18, 2003 6:16 AM
To: wss@lists.oasis-open.org
Subject: [wss] New Issue: SecurityTokenReference/Reference/@ValueType Attribute


Section 7.2 Direct References of Web Services Security: SOAP Message Security Working Draft 17, Wednesday, 27 August 2003 states:

"/wsse:SecurityTokenReference/Reference/@ValueType

        This optional attribute specifies a QName that is used to identify the type of token being referenced (see <wsse:BinarySecurityToken>). This specification does not define any processing rules around the usage of this attribute, however, specifications for individual token types MAY define specific processing rules and semantics around the value of the URI and how it SHALL be interpreted. If this attribute is not present, the URI SHALL be processed as a normal URI. The usage of ValueType is RECOMMENDED for local URIs."

Section 6.3.2 Encoding Binary Security Tokens of Web Services Security: SOAP Message Security Working Draft 17, Wednesday, 27 August 2003 states:

"/wsse:BinarySecurityToken/@ValueType
        The ValueType attribute is used to indicate the "value space" of the encoded binary data (e.g. an X.509 certificate). The ValueType attribute allows a qualified name that defines the value type and space of the encoded binary data. This attribute is extensible using XML namespaces. Subsequent specifications MUST define the ValueType value for the tokens that they define. The usage of ValueType is RECOMMENDED."

The description of the SecurityTokenReference/Reference/@ValueType attribute would have been more understandable if it hadn't referenced the BinarySecurityToken. After reading that section, I am not sure I understand how these attributes differ in purpose. It seems odd that usage of the ValueType attribute would be recommended for both the wsse:BinarySecurityToken and the wsse:SecurityTokenReference that points to it.

My understanding is that the description of the SecurityTokenReference/Reference/@ValueType attribute is incorrect.

Thanks,
Mike
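
The two attributes discussed in this thread, side by side, as an added example that is not part of the thread or of the specification: a receiver-side check that resolves each local Reference/@URI to a BinarySecurityToken and compares the two ValueType values. The namespace URIs, token ids and ValueType QNames are constructed placeholders, and the match/mismatch policy is an assumption, since the quoted draft text defines no processing rules for Reference/@ValueType.

```python
import xml.etree.ElementTree as ET

# Placeholder namespace URIs (constructed); substitute those of the draft in use.
WSSE = "urn:example:wsse"
WSU = "urn:example:wsu"

# Constructed sample header; ids and ValueType QNames are made up for illustration.
SAMPLE = f"""
<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsse:BinarySecurityToken wsu:Id="tok-1" ValueType="wsse:SampleCert">AAAA</wsse:BinarySecurityToken>
  <wsse:BinarySecurityToken wsu:Id="tok-2" ValueType="wsse:SampleTicket">BBBB</wsse:BinarySecurityToken>
  <wsse:SecurityTokenReference><wsse:Reference URI="#tok-1" ValueType="wsse:SampleCert"/></wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference><wsse:Reference URI="#tok-2" ValueType="wsse:SampleCert"/></wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference><wsse:Reference URI="#tok-1"/></wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference><wsse:Reference URI="#tok-9" ValueType="wsse:SampleCert"/></wsse:SecurityTokenReference>
</wsse:Security>
"""

def check_references(xml_text):
    """Return (URI, status) for every Reference, in document order."""
    # For untrusted messages, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    # Map wsu:Id -> BinarySecurityToken/@ValueType (None if the token is untyped).
    tokens = {t.get(f"{{{WSU}}}Id"): t.get("ValueType")
              for t in root.iter(f"{{{WSSE}}}BinarySecurityToken")}
    results = []
    for ref in root.iter(f"{{{WSSE}}}Reference"):
        uri, ref_type = ref.get("URI", ""), ref.get("ValueType")
        if not uri.startswith("#"):
            status = "non-local"            # not a same-document reference
        elif uri[1:] not in tokens:
            status = "unresolved"           # no token carries that wsu:Id
        elif ref_type is None:
            status = "untyped-reference"    # ValueType is optional on Reference
        elif ref_type == tokens[uri[1:]]:
            status = "match"                # the two attributes agree
        else:
            status = "mismatch"             # the reference claims a different type
        results.append((uri, status))
    return results

if __name__ == "__main__":
    for uri, status in check_references(SAMPLE):
        print(uri, status)
```

The comparison is on the literal attribute strings; a full implementation would resolve each QName prefix against the in-scope namespace declarations before comparing.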

