Subject: RE: [wss] Comments on Sender-Vouches-Signed section in SAML Interop draft
Another update required in the “WSS:SAML Token Profile” and the “WSS: SAML Interop 1 Scenarios” documents is the algorithm name for the STR-Transform that goes into the dsig:Transform Algorithm attribute value. The SAML documents list the algorithm as http://schemas.xmlsoap.org/ws/2003/06/STR-Transform in the examples.
The WSS Soap Message Security document however recommends: http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#STR-Transform
Thank you for calling my attention to your earlier email at today's meeting.
I had missed it earlier.
In any event, you are correct on all 3 comments. The first (rsa-sha1) and
third (#attesterCert) are simply typos that should be corrected.
The 2nd comment (STR-Transform) is redundant as you indicate,
however, it was derived from the SAML profile document,
which used the STR to reference an external assertion.
Also, it is intended to be demonstrative of using the
STR to reference assertions, and its redundancy should not
interfere with operation: i.e. a message should not be rejected,
in general, as long as it is compliant with the WS-Security spec,
and associated token profile.
I will hold off updating the spec with the typo fixes for a couple
of weeks to see if additional comments come in.
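
Added example, not part of the original thread or of either OASIS document: a Python check that reports which STR-Transform identifier each ds:Reference in a message uses, so a mismatch like the one discussed above is visible before interop testing. The two STR-Transform URIs are copied verbatim from the thread; the sample SignedInfo, the status labels and the function name audit_str_transforms are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Both identifiers are copied verbatim from the thread above.
DRAFT_URI = "http://schemas.xmlsoap.org/ws/2003/06/STR-Transform"
WSS_URI = ("http://www.docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd#STR-Transform")

# Constructed sample: one reference per identifier plus a non-STR reference.
SAMPLE = f"""<ds:SignedInfo xmlns:ds="{DSIG}">
  <ds:Reference URI="#STR1">
    <ds:Transforms><ds:Transform Algorithm="{DRAFT_URI}"/></ds:Transforms>
  </ds:Reference>
  <ds:Reference URI="#STR2">
    <ds:Transforms><ds:Transform Algorithm="{WSS_URI}"/></ds:Transforms>
  </ds:Reference>
  <ds:Reference URI="#body">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
  </ds:Reference>
</ds:SignedInfo>"""


def audit_str_transforms(xml_text):
    """Return (reference URI, status, algorithm) for each STR-Transform."""
    # For untrusted messages, use a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(xml_text)
    findings = []
    for ref in root.iter(f"{{{DSIG}}}Reference"):
        for transform in ref.iter(f"{{{DSIG}}}Transform"):
            alg = transform.get("Algorithm", "")
            if not alg.endswith("STR-Transform"):
                continue  # canonicalization and other transforms are skipped
            if alg == WSS_URI:
                status = "wss-recommended"
            elif alg == DRAFT_URI:
                status = "2003/06-draft"
            else:
                status = "unrecognized"
            findings.append((ref.get("URI"), status, alg))
    return findings


if __name__ == "__main__":
    for uri, status, alg in audit_str_transforms(SAMPLE):
        print(f"{uri}: {status} ({alg})")
```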