OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Proposal for Issue 298

I previously pointed out that while the core says that there are four types of STR reference and gives an order of preference for using them, the X.509 Token Profile defines a method (the use of ds:IssuerSerial within ds:X509Data as a direct child of wsse:SecurityTokenReference) which is not any of the four.

Based on a suggestion by Mike Macintosh, I proposed that we make this into a Key Identifier. However at the last TC meeting (7/13) it was pointed out that this would not work because X509Data was a complex type and this would result in a schema validation error.

After some discussion I believe the solution with the least impact is to add to the errata of the core a statement that "For the purposes of determining the order of preference of reference types, the use of IssuerSerial within X509Data should be considered to be a form of Key Identifier."

This involves no schema changes and does not invalidate the interop testing. 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]