Subject: [WSS] Questions on STR Transform
Hi Team,
We are still a bit unclear on how to implement STR Transform. Here are a few comments from my colleague Werner Dittman.
- does the result of the STR Transform replace the
whole SecurityTokenReference element including its
descendants or does it replace only the relevant
reference elements inside the STR, e.g. Reference
or X509IssuerSerial and their descendants, and leave
the STR element untouched?
IMO that's not very clear from the specs. Examples would
be helpful :-) (similar to those in the c14n
specs).
- if STR Transform is applied to e.g. an X509IssuerSerial
reference we have to distinguish two main cases:
a) the X509 certificate is included in the message as
BinarySecurityToken
b) the X509 certificate is in some certificate store.
While performing the STR Transform, then for
Case a): replace the relevant SecurityToken
element with the BST directly without modification.
(This is clearly specified. However, there was some
discussion if the token shall be decoded into
binary data or left as Base64 encoded data.)
Case b): wrap the "binary data" in a BST. AFAIK X509
certificates can be represented in several ways as
"binary data": ASN.1 encoded, PKCS format, maybe others.
IMO, it's not enough to just state "binary data", in most
cases some more specification is necessary.
Thanks,
dims
Davanum Srinivas
Computer Associates
Senior Architect, Web Services Group
Tel: +1 508 628 8251
davanum.srinivas@ca.com
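
An added example, not part of the original post or of the specification: it applies both readings from the first question to the same header and shows that they canonicalize to different octets, so signer and verifier compute different digests unless they agree on one. The token bytes, the Id values, the function names and the choice of SHA-256 are assumptions made for illustration; neither reading is presented as the correct one.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Constructed sample: placeholder bytes stand in for a real certificate.
TOKEN_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
HEADER = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsse:BinarySecurityToken wsu:Id="tok1">{TOKEN_B64}</wsse:BinarySecurityToken>
  <wsse:SecurityTokenReference wsu:Id="str1">
    <wsse:Reference URI="#tok1"/>
  </wsse:SecurityTokenReference>
</wsse:Security>"""

def _resolve(header):
    """Return (STR element, its Reference child, the token it points at)."""
    str_el = header.find(f"{{{WSSE}}}SecurityTokenReference")
    ref = str_el.find(f"{{{WSSE}}}Reference")
    wanted = ref.get("URI").lstrip("#")
    for el in header.iter():
        if el.get(f"{{{WSU}}}Id") == wanted:
            return str_el, ref, el
    raise ValueError(f"unresolved reference {wanted!r}")

def _c14n(el):
    el = copy.deepcopy(el)
    el.tail = None  # drop whitespace that followed the element in the header
    return ET.canonicalize(ET.tostring(el, encoding="unicode"), strip_text=True)

def transform_replace_whole_str(xml_text):
    """Reading 1: the token stands in for the entire STR element."""
    _, _, token = _resolve(ET.fromstring(xml_text))
    return _c14n(token)

def transform_replace_inner_reference(xml_text):
    """Reading 2: the STR element stays; only its Reference child is swapped."""
    str_el, ref, token = _resolve(ET.fromstring(xml_text))
    idx = list(str_el).index(ref)
    str_el.remove(ref)
    str_el.insert(idx, copy.deepcopy(token))
    return _c14n(str_el)

def digest(octets):
    return base64.b64encode(hashlib.sha256(octets.encode()).digest()).decode()

if __name__ == "__main__":
    for fn in (transform_replace_whole_str, transform_replace_inner_reference):
        print(fn.__name__, digest(fn(HEADER)))
```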