[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] Issue 310: Multiple reference forms in aSecurityTokenReference
My action item from today's TC call Thumbprint references were developed as a means to ensure an unambiguous token reference; especially to ensure that authorized claims are attributed to a message as a result of a successful signature validation. I inserted some comments on the following text. Vijay Gajjala wrote: >There are two parts to the proposal. > >1. This specification allows for the use of multiple reference >mechanisms within a single SecurityTokenReference. When multiple >references are present in a given SecurityTokenReference, they MUST >resolve to a single token in common. Specific token profiles SHOULD > It would seem simpler to say to the same token, but that would seem to embody a paradox, as the apparent reason for the use of thumbprints is the potential ambiguity of the augmented reference form. IOW, If the reference from being augmented by the thumbprint must resolve to one token (i.e the same token), then it would seem difficult to justify the need for the thumbprint. It would seem that the phrase "single token in common" is intended to mean that there must be one token in the intersection of the token sets resulting from the resolution of the various reference forms. That seems correct to me; but maybe folks should comment, or further clarify the language. >define the reference mechanisms to be used. > >2. A thumbprint reference MUST occur in combination with a required to >be supported (by the applicable profile) reference form unless >. a thumbprint reference is among the reference forms required to be >supported by the applicable profle, or >. the parties to the communication have agreed to accept only thumbprint > agreeing to accept references with only a thumbprint, is a superset of agreeding to accept only thumbprint references. IOW s/only thumbprint/thumbprint only/ Ron >refererences. > > >Let us discuss applicabilty of the two parts to the specific issue at >our conf call tomorrow. >Thanks >Vijay > >--------------------------------------------------------------------- >To unsubscribe, e-mail: wss-unsubscribe@lists.oasis-open.org >For additional commands, e-mail: wss-help@lists.oasis-open.org > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]