Subject: RE: [wss] Comments on Sender-Vouches-Signed section in SAML Interop draft



Another update required in the “WSS:SAML Token Profile” and the “WSS: SAML Interop 1 Scenarios” documents is the algorithm name for the STR-Transform that goes into the dsig:Transform Algorithm attribute value.  The SAML documents list the algorithm as http://schemas.xmlsoap.org/ws/2003/06/STR-Transform in the examples.


The WSS Soap Message Security document however recommends: http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#STR-Transform




From: Levinson, Richard [mailto:rlevinson@netegrity.com]
Sent: Tuesday, March 23, 2004 10:46 AM
To: Maneesh Sahu; wss@lists.oasis-open.org
Subject: RE: [wss] Comments on Sender-Vouches-Signed section in SAML Interop draft




Thank you for calling my attention to your earlier email at today's meeting. I had missed it earlier.

In any event, you are correct on all 3 comments. The first (rsa-sha1) and third (#attesterCert) are simply typos that should be corrected.

The 2nd comment (STR-Transform) is redundant as you indicate, however, it was derived from the SAML profile document, which used the STR to reference an external assertion. Also, it is intended to be demonstrative of using the STR to reference assertions, and its redundancy should not interfere with operation: i.e. a message should not be rejected, in general, as long as it is compliant with the WS-Security spec, and associated token profile.

I will hold off updating the spec with the typo fixes for a couple of weeks to see if additional comments come in.




    Rich Levinson




From: Maneesh Sahu [mailto:maneesh@westbridgetech.com]
Sent: Thursday, February 05, 2004 8:09 PM
To: wss@lists.oasis-open.org
Subject: [wss] Comments on Sender-Vouches-Signed section in SAML Interop draft



I have a few comments and need some clarifications on the example provided with the sender-vouches:signed section:


Page 25


Line 688: Shouldn't the signature method be rsa-sha1 instead of hmac-sha1?

Line 691: For sender-vouches, the STR-Transform may be a bit redundant. It may be useful for holder-of-key where the assertions are immutable and need to be referenced differently.

Line 708: Shouldn't the reference URI be #attesterCert instead of attesterCert?


Apologies if these issues have been tackled earlier...this is my first day on the group.



Maneesh Sahu

Westbridge Technology, Inc.
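
The three points raised in this thread (signature method, STR-Transform algorithm URI, fragment form of the reference URI) can be checked mechanically. The following is an added example, not part of the original messages or of any OASIS document: the `SAMPLE` markup is constructed, `lint_signed_info` is a hypothetical helper, and the two STR-Transform URIs are the ones quoted in the messages above.

```python
import xml.etree.ElementTree as ET  # for untrusted XML prefer defusedxml

DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = DS + "rsa-sha1"
# STR-Transform identifiers exactly as quoted in the thread above.
STR_OLD = "http://schemas.xmlsoap.org/ws/2003/06/STR-Transform"
STR_WSS = ("http://www.docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd#STR-Transform")

# Constructed SignedInfo that reproduces the three reported problems.
SAMPLE = f"""<ds:SignedInfo xmlns:ds="{DS}">
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="{DS}hmac-sha1"/>
  <ds:Reference URI="#STRSAMLId">
    <ds:Transforms><ds:Transform Algorithm="{STR_OLD}"/></ds:Transforms>
    <ds:DigestMethod Algorithm="{DS}sha1"/>
    <ds:DigestValue>CONSTRUCTED</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="attesterCert">
    <ds:DigestMethod Algorithm="{DS}sha1"/>
    <ds:DigestValue>CONSTRUCTED</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>"""

def lint_signed_info(xml_text, expect_sig=RSA_SHA1, expect_str=STR_WSS):
    """Return (finding, offending value) pairs for the three thread comments."""
    root = ET.fromstring(xml_text)
    findings = []
    # 1. Signature method must be the expected asymmetric algorithm.
    for sm in root.iter(f"{{{DS}}}SignatureMethod"):
        if sm.get("Algorithm") != expect_sig:
            findings.append(("signature-method", sm.get("Algorithm")))
    # 2. Any STR-Transform must carry the identifier the receiver expects.
    for tr in root.iter(f"{{{DS}}}Transform"):
        alg = tr.get("Algorithm", "")
        if alg.endswith("STR-Transform") and alg != expect_str:
            findings.append(("str-transform-uri", alg))
    # 3. A bare name is a relative URI, not a same-document ID reference.
    for el in root.iter():
        uri = el.get("URI")
        if el.tag.rsplit("}", 1)[-1] == "Reference" and uri:
            if not uri.startswith("#") and ":" not in uri:
                findings.append(("reference-not-fragment", uri))
    return findings

if __name__ == "__main__":
    for finding in lint_signed_info(SAMPLE):
        print(finding)
```

A verifier that compares Algorithm values as exact strings treats the two STR-Transform identifiers as different transforms, so both sides of an interop test need to agree on one of them.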


