
Subject: Re: [wss] Comments on Sender-Vouches-Signed section in SAML Interop draft


Maneesh et al.,

You have found a problem in the STP, but the core document says:

"This transform is specified by the URI #STR-Transform (Note that URI
fragments are relative to 972
this document's URI) 973"

So is the correct URI based on the schema or the document?
You chose to base it off the schema. Should it be, or am I taking the
lines 972 too literally?

http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transfrom 



Ron

Maneesh Sahu wrote:

> Rich,
>
> Another update required in the “WSS:SAML Token Profile” and the “WSS: 
> SAML Interop 1 Scenarios” documents is the algorithm name for the 
> STR-Transform that goes into the dsig:Transform Algorithm attribute 
> value. The SAML documents list the algorithm as 
> http://schemas.xmlsoap.org/ws/2003/06/STR-Transform in the examples.
>
> The WSS Soap Message Security document however recommends: 
> http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#STR-Transform 
>
>
> --ms
>
> ------------------------------------------------------------------------
>
> From: Levinson, Richard [mailto:rlevinson@netegrity.com]
> Sent: Tuesday, March 23, 2004 10:46 AM
> To: Maneesh Sahu; wss@lists.oasis-open.org
> Subject: RE: [wss] Comments on Sender-Vouches-Signed section in SAML 
> Interop draft
>
> Maneesh,
>
> Thank you for calling my attention to your earlier email at today's
> meeting. I had missed it earlier.
>
> In any event, you are correct on all 3 comments. The first (rsa-sha1) and
> third (#attesterCert) are simply typos that should be corrected.
>
> The 2nd comment (STR-Transform) is redundant as you indicate,
> however, it was derived from the SAML profile document,
> which used the STR to reference an external assertion.
> Also, it is intended to be demonstrative of using the
> STR to reference assertions, and its redundancy should not
> interfere with operation: i.e. a message should not be rejected,
> in general, as long as it is compliant with the WS-Security spec,
> and associated token profile.
>
> I will hold off updating the spec with the typo fixes for a couple
> of weeks to see if additional comments come in.
>
> Thanks,
>
> Rich Levinson
>
>     ------------------------------------------------------------------------
>
>     From: Maneesh Sahu [mailto:maneesh@westbridgetech.com]
>     Sent: Thursday, February 05, 2004 8:09 PM
>     To: wss@lists.oasis-open.org
>     Subject: [wss] Comments on Sender-Vouches-Signed section in SAML
>     Interop draft
>
>     Hi,
>
>     I have a few comments and need some clarifications on the example
>     provided with the sender-vouches:signed section:
>
>     Page 25
>
>     Line 688: Shouldn't the signature method be rsa-sha1 instead of
>     hmac-sha1 ?
>
>     Line 691: For sender-vouches, the STR-Transform may be a bit
>     redundant. It may be useful for holder-of-key where the assertions
>     are immutable and need to be referenced differently.
>
>     Line 708: Shouldn't the reference URI be #attesterCert instead of
>     attesterCert ?
>
>     Apologies if these issues have been tackled earlier...this is my
>     first day on the group.
>
>     --ms
>
>     Maneesh Sahu
>
>     Westbridge Technology, Inc.
>


