
Subject: [WSS] Questions on STR Transform



Hi Team,

We are still a bit unclear on how to implement STR Transform. Here are a few comments from my colleague Werner Dittman.

- does the result of the STR Transform replace the
  whole SecurityTokenReference element including its
  descendants or does it replace only the relevant
  reference elements inside the STR, e.g. Reference
  or X509IssuerSerial and their descendants, and leave
  the STR element untouched?
  IMO that's not very clear from the specs. Examples would
  be helpful :-)  (similar to those in the c14n
  specs).

- if STR Transform is applied to e.g. an X509IssuerSerial
  reference we have to distinguish two main cases:
  a) the X509 certificate is included in the message as
     BinarySecurityToken
  b) the X509 certificate is in some certificate store.

  While performing the STR Transform, then for

  Case a): replace the relevant SecurityToken
  element with the BST directly without modification.
  (This is clearly specified. However, there was some
   discussion if the token shall be decoded into
   binary data or left as Base64 encoded data.)

  Case b): wrap the "binary data" in a BST. AFAIK X509
  certificates can be represented in several ways as
  "binary data": ASN.1 encoded, PKCS format, maybe others.

  IMO, it's not enough to just state "binary data", in most
  cases some more specification is necessary.

Thanks,
dims

Davanum Srinivas
Computer Associates
Senior Architect, Web Services Group
Tel: +1 508 628 8251
davanum.srinivas@ca.com
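
The two readings in the first question, and the Base64-versus-decoded point under case a), shown as an added example that is not part of the original message or of the WSS specification. It takes no position on which reading the spec intends; it only shows that each choice feeds different octets to the digest, so a signer and a verifier that disagree will not interoperate. The function names, the STR content and the certificate octets are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed stand-in for certificate octets (not a real X.509 certificate).
CERT_BYTES = b"\x30\x82\x01\x0aconstructed-certificate-octets"

# Constructed STR carrying an X509IssuerSerial reference.
STR_XML = f"""<wsse:SecurityTokenReference xmlns:wsse="{WSSE}" xmlns:ds="{DS}">
  <ds:X509Data><ds:X509IssuerSerial>
    <ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>
    <ds:X509SerialNumber>12345</ds:X509SerialNumber>
  </ds:X509IssuerSerial></ds:X509Data>
</wsse:SecurityTokenReference>"""

def make_bst(cert_bytes):
    """Wrap the octets, Base64 encoded, in a BinarySecurityToken element."""
    bst = ET.Element(f"{{{WSSE}}}BinarySecurityToken")
    bst.text = base64.b64encode(cert_bytes).decode("ascii")
    return bst

def replace_whole_str(str_elem, bst):
    """Reading 1: the token stands in for the entire STR element."""
    return bst

def replace_inner_reference(str_elem, bst):
    """Reading 2: the STR element stays; only its reference child is swapped."""
    kept = ET.Element(str_elem.tag, dict(str_elem.attrib))
    kept.append(bst)
    return kept

def digest_element(elem):
    # ET.canonicalize (C14N 2.0) is a stand-in canonicalization for comparison.
    c14n = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

def compare():
    """Digest the output of each reading, plus the decoded octets alone."""
    str_elem, bst = ET.fromstring(STR_XML), make_bst(CERT_BYTES)
    return {
        "whole_str": digest_element(replace_whole_str(str_elem, bst)),
        "inner_reference": digest_element(replace_inner_reference(str_elem, bst)),
        "decoded_octets": hashlib.sha256(CERT_BYTES).hexdigest(),
    }

if __name__ == "__main__":
    print(compare())
```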


