OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] Issue 196: QNames

Frederick,

Sorry I missed the call today,
I support your proposal.

Ron

Frederick.Hirsch@nokia.com wrote:

> Issue 196, Qname usage vs URIs.
>
> Proposal
>
> We do not postpone the change to URIs but do it now to minimize 
> impact.  Can decide on Dec 16 and incorporate in final edits
>
> Rationale
>
> It seems we still have time make a change from QNames to URIs without 
> jeopardizing the schedule. The value of the lessons learned from the 
> informal interop will not be lost with this change.
>
> Making the change now, earlier, could minimize the impact on 
> subsequent implementations and profiles. Postponing will magnify 
> confusion and versioning problems.
>
> Benefits of making the change include (1) reduce  potential issues 
> associated with canonicalization and QNames (when values are included 
> in signatures) and (2) avoid the need to define mappings to 
> corresponding URIs or defining mechanism to allow either, minimizing 
> confusion (see TAG finding http://www.w3.org/2001/tag/doc/qnameids.html )
>
> Downside is rework of core and profiles.
>
> Impact is primary on schema definitions, existing implementations, and 
> definitions as follows
>
> (A) SOAP Message Security:
>
> (1) wsse:BinarySecurityToken/@EncodingType -
>
> core - Base64Binary, default value
>
> (2) wsse:BinarySecurityToken/@ValueType -
>
> core - no definitions
>
> X.509 token profile - wsse:X509v3, wsse:X509PKIPathv1, wsse:PKCS7
>
> Username token profile - wsse:UsernameToken
>
> XrML - wsse:license
>
> (3) wsse:SecurityTokenReference/@Usage
>
> core - values TBD in core (?)
>
> (4) wsse:SecurityTokenReference/Reference/@ValueType -
>
> core - see BinarySecurityToken definitions. Any for non-Binary 
> security tokens?
>
> (5) wsse:SecurityTokenReference/Reference/@KeyIdentifier
>
> core - no definitions
>
> X509 - X509SubjectKeyIdentifier
>
> (B) UserName Token Profile
>
> wsse:UserNameToken/@Type, 
>
> Username token profile - wsse:PasswordText, wsse:PasswordDigest
>
> wsse:UserNameToken/Nonce/@EncodingType,  with values as defined for 
> BinarySecurityToken
>
> Looking in the schema files I think there are additional QNames, such 
> as for password values, but maybe I'm looking at the wrong files.
>
> ----
>
> Considering Kelvin's proposal (if understood correctly), corresponding 
> URIs could be of the form:
>
>
> http://www.docs.oasis-open.org/wss/2003/12/oasis-####-wss-X509-token-profile-1.0#X509PKIPathv1 
>
>
> where the last # is a fragment delimiter (URI usage similar to XML 
> DSig) -
>
> ---
>
>
> I assume Faultcodes are out of the scope of this issue.
>
> What do people think we should do with this issue of QNames?
>
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia Mobile Phones
>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]