OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] Issue 293 proposed resolution



Frederick.Hirsch@nokia.com wrote:

>Ron
>
>Your message confused me. Are you saying the token type table can be
>extended with additional types or that the entry should be x509 instead
>of x509v3, or are you saying the token type should not delineate between
>x509 versions?
>  
>
Frederick,

The latter.

(BTW, I changed the subject, as this stuff does not pertain to SwA)

>
>My point was that the x509 token type entry should be consistent with
>the rest of the profile that refers to x509v3 so that the current
>profile is internally consistent, thus suggested changing the table
>entry so it is consistent.
>  
>
Yes, but AFAIK, the errata to the profile, removed the version 
distinction on
the token type. I think there are still a few more edits that are needed 
to complete
that job (i.e. in the table starting at line 172,  at line 336, and at 
line 403).

Also, despite my earlier recommendation, it likely also be a good idea
to simplify the name that  identifies a subject key identifier as follows:

.s/#X509v3SubjectKeyIdentifier/#X509SubjectKeyIdentifier/

At this time, SIDS may only be used to identify v3 certificates, but it 
doesn't seem
necessary to bind v3 into the name of the type.

http://www.oasis-open.org/apps/org/workgroup/wss/download.php/8630/oasis-200401-wss-x509-token-profile-1.0-final%20errata%20updates.pdf

Ron

>Thanks
>
>Regards, Frederick
>
>Frederick Hirsch
>Nokia
> 
>
>-----Original Message-----
>From: ext Ron Monzillo [mailto:Ronald.Monzillo@sun.com] 
>Sent: Monday, August 23, 2004 11:52 AM
>To: Hirsch Frederick (Nokia-TP/Boston)
>Cc: dkaufman@forumsys.com; wss@lists.oasis-open.org
>Subject: Re: [wss] Issue 312 proposed resolution
>
>Frederick,
>
>IN our resolution to issue 293, we decided to limit the degree to which
>the X509 profile was confined to v3 certicates.
>
>The line you cite was once likely in error. However, going forward, we
>should be removing such qualifications.
>
>Ron
>
>Frederick.Hirsch@nokia.com wrote:
>
>  
>
>>Dana
>>
>> 
>>
>>    
>>
><snip>
>
>  
>
>>I also note a typo in the X.509 token profile, x509 should be x509v3 in
>>    
>>
>
>  
>
>>the table at line 187.
>>
>>Thanks
>>
>>Regards, Frederick
>>
>>Frederick Hirsch
>>Nokia
>> 
>>
>>    
>>
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of
>the OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup
>.php.
>
>  
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]