wss message


Subject: Issue 196: QNames


Issue 196, Qname usage vs URIs.

Proposal

We do not postpone the change to URIs but do it now to minimize impact. Can decide on Dec 16 and incorporate in final edits.

Rationale

It seems we still have time to make a change from QNames to URIs without jeopardizing the schedule. The value of the lessons learned from the informal interop will not be lost with this change.

Making the change now, earlier, could minimize the impact on subsequent implementations and profiles. Postponing will magnify confusion and versioning problems.

Benefits of making the change include (1) reducing potential issues associated with canonicalization and QNames (when values are included in signatures) and (2) avoiding the need to define mappings to corresponding URIs or to define a mechanism to allow either, minimizing confusion (see TAG finding http://www.w3.org/2001/tag/doc/qnameids.html).

Downside is rework of core and profiles.

Impact is primarily on schema definitions, existing implementations, and definitions as follows:

(A) SOAP Message Security:

(1) wsse:BinarySecurityToken/@EncodingType -

core - Base64Binary, default value

(2) wsse:BinarySecurityToken/@ValueType -

core - no definitions

X.509 token profile - wsse:X509v3, wsse:X509PKIPathv1, wsse:PKCS7

Username token profile - wsse:UsernameToken

XrML - wsse:license

(3) wsse:SecurityTokenReference/@Usage

core - values TBD in core (?)

(4) wsse:SecurityTokenReference/Reference/@ValueType -

core - see BinarySecurityToken definitions. Any for non-Binary security tokens?

(5) wsse:SecurityTokenReference/Reference/@KeyIdentifier

core - no definitions

X509 - X509SubjectKeyIdentifier

(B) UserName Token Profile

wsse:UserNameToken/@Type, 

Username token profile - wsse:PasswordText, wsse:PasswordDigest

wsse:UserNameToken/Nonce/@EncodingType, with values as defined for BinarySecurityToken

Looking in the schema files I think there are additional QNames, such as for password values, but maybe I'm looking at the wrong files.

----

Considering Kelvin's proposal (if understood correctly), corresponding URIs could be of the form:


http://www.docs.oasis-open.org/wss/2003/12/oasis-####-wss-X509-token-profile-1.0#X509PKIPathv1

where the last # is a fragment delimiter (URI usage similar to XML DSig) -

---


I assume Faultcodes are out of the scope of this issue.

What do people think we should do with this issue of QNames?


regards, Frederick

Frederick Hirsch
Nokia Mobile Phones
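
Added example, not part of the original message: a QName carried in attribute content, such as a `ValueType` value, only has meaning through the namespace declarations in scope, so the same token type can appear as different strings and becomes unresolvable if a canonicalizer that emits only declarations used in element and attribute names drops the prefix binding. The URI form proposed in the message compares as a plain string. The namespace `urn:example:wsse`, the sample tokens and the helper `value_types` are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

WSSE = "urn:example:wsse"  # constructed placeholder namespace (assumption)
# URI form quoted in the message; "####" is the message's own placeholder.
URI_FORM = ("http://www.docs.oasis-open.org/wss/2003/12/"
            "oasis-####-wss-X509-token-profile-1.0#X509PKIPathv1")

# Constructed sample tokens (not captured traffic).
MSG_A = f'<wsse:BinarySecurityToken xmlns:wsse="{WSSE}" ValueType="wsse:X509v3"/>'
MSG_B = f'<sec:BinarySecurityToken xmlns:sec="{WSSE}" ValueType="sec:X509v3"/>'
# Prefix appears only inside the attribute value and is not declared in scope.
MSG_C = f'<BinarySecurityToken xmlns="{WSSE}" ValueType="wsse:X509v3"/>'
MSG_D = f'<t:BinarySecurityToken xmlns:t="{WSSE}" ValueType="{URI_FORM}"/>'


def value_types(xml_text):
    """Return [(raw, resolved)] for each ValueType attribute, in document order.

    resolved is (namespace, local) for a QName whose prefix is in scope,
    None when the prefix has no in-scope declaration, and the raw string
    for a URI value, which needs no namespace context.
    """
    scope, out = [], []  # scope: stack of in-scope (prefix, uri) bindings
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, data in ET.iterparse(source, events=("start-ns", "end-ns", "start")):
        if event == "start-ns":
            scope.append(data)
        elif event == "end-ns":
            scope.pop()
        else:
            raw = data.get("ValueType")
            if raw is None:
                continue
            if "://" in raw:  # URI value: compared as an opaque string
                out.append((raw, raw))
                continue
            prefix, _, local = raw.rpartition(":")
            uri = next((u for p, u in reversed(scope) if p == prefix), None)
            out.append((raw, (uri, local) if uri is not None else None))
    return out


if __name__ == "__main__":
    for name, msg in [("A", MSG_A), ("B", MSG_B), ("C", MSG_C), ("D", MSG_D)]:
        print(name, value_types(msg))
```

Messages A and B carry the same token type under different raw strings, C cannot be resolved at all, and D needs no resolution step.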



