Subject: Re: [wss] Issue 196: QNames
Frederick,

Sorry I missed the call today, I support your proposal.

Ron

Frederick.Hirsch@nokia.com wrote:

> Issue 196, Qname usage vs URIs.
>
> Proposal
>
> We do not postpone the change to URIs but do it now to minimize
> impact. Can decide on Dec 16 and incorporate in final edits
>
> Rationale
>
> It seems we still have time to make a change from QNames to URIs without
> jeopardizing the schedule. The value of the lessons learned from the
> informal interop will not be lost with this change.
>
> Making the change now, earlier, could minimize the impact on
> subsequent implementations and profiles. Postponing will magnify
> confusion and versioning problems.
>
> Benefits of making the change include (1) reduce potential issues
> associated with canonicalization and QNames (when values are included
> in signatures) and (2) avoid the need to define mappings to
> corresponding URIs or defining mechanism to allow either, minimizing
> confusion (see TAG finding http://www.w3.org/2001/tag/doc/qnameids.html )
>
> Downside is rework of core and profiles.
>
> Impact is primarily on schema definitions, existing implementations, and
> definitions as follows
>
> (A) SOAP Message Security:
>
> (1) wsse:BinarySecurityToken/@EncodingType -
>
>     core - Base64Binary, default value
>
> (2) wsse:BinarySecurityToken/@ValueType -
>
>     core - no definitions
>
>     X.509 token profile - wsse:X509v3, wsse:X509PKIPathv1, wsse:PKCS7
>
>     Username token profile - wsse:UsernameToken
>
>     XrML - wsse:license
>
> (3) wsse:SecurityTokenReference/@Usage
>
>     core - values TBD in core (?)
>
> (4) wsse:SecurityTokenReference/Reference/@ValueType -
>
>     core - see BinarySecurityToken definitions. Any for non-Binary
>     security tokens?
>
> (5) wsse:SecurityTokenReference/Reference/@KeyIdentifier
>
>     core - no definitions
>
>     X509 - X509SubjectKeyIdentifier
>
> (B) UserName Token Profile
>
> wsse:UserNameToken/@Type,
>
>     Username token profile - wsse:PasswordText, wsse:PasswordDigest
>
> wsse:UserNameToken/Nonce/@EncodingType, with values as defined for
> BinarySecurityToken
>
> Looking in the schema files I think there are additional QNames, such
> as for password values, but maybe I'm looking at the wrong files.
>
> ----
>
> Considering Kelvin's proposal (if understood correctly), corresponding
> URIs could be of the form:
>
> http://www.docs.oasis-open.org/wss/2003/12/oasis-####-wss-X509-token-profile-1.0#X509PKIPathv1
>
> where the last # is a fragment delimiter (URI usage similar to XML
> DSig) -
>
> ---
>
> I assume Faultcodes are out of the scope of this issue.
>
> What do people think we should do with this issue of QNames?
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia Mobile Phones