[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 196: QNames
Issue 196, Qname usage vs URIs.
Proposal
We do not postpone the change to URIs but do it now to minimize impact. Can decide on Dec 16 and incorporate in final edits
Rationale
It seems we
still have time make a change from QNames to URIs without jeopardizing the
schedule. The value of the lessons learned from the informal interop will not be
lost with this change.
Making the change now, earlier, could minimize the impact on
subsequent implementations and profiles. Postponing will magnify confusion and
versioning problems.
Benefits of making the change include (1)
reduce potential issues associated with canonicalization and QNames (when
values are included in signatures) and (2) avoid the need to define mappings to
corresponding URIs or defining mechanism to allow either, minimizing confusion
(see TAG finding http://www.w3.org/2001/tag/doc/qnameids.html )
Downside is rework of core and profiles.
Impact is primary on schema definitions, existing implementations, and definitions as follows
(A) SOAP Message Security:
(1) wsse:BinarySecurityToken/@EncodingType -
core - Base64Binary, default value
(2) wsse:BinarySecurityToken/@ValueType -
core - no definitions
X.509 token profile - wsse:X509v3, wsse:X509PKIPathv1, wsse:PKCS7
Username token profile - wsse:UsernameToken
XrML - wsse:license
(3) wsse:SecurityTokenReference/@Usage
core - values TBD in core (?)
(4) wsse:SecurityTokenReference/Reference/@ValueType -
core - see BinarySecurityToken definitions. Any for non-Binary security tokens?
(5) wsse:SecurityTokenReference/Reference/@KeyIdentifier
core - no definitions
X509 - X509SubjectKeyIdentifier
(B) UserName Token Profile
wsse:UserNameToken/@Type,
Username token profile - wsse:PasswordText, wsse:PasswordDigest
wsse:UserNameToken/Nonce/@EncodingType, with values as
defined for BinarySecurityToken
Looking in the schema files I think there are additional QNames, such as for password values, but maybe I'm looking at the wrong files.
----
Considering Kelvin's proposal (if understood correctly), corresponding URIs could be of the form:
http://www.docs.oasis-open.org/wss/2003/12/oasis-####-wss-X509-token-profile-1.0#X509PKIPathv1
---
I assume Faultcodes
are out of the scope of this issue.
What do people think we should do with this issue of QNames?
regards, Frederick
Frederick
Hirsch
Nokia Mobile Phones
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]