OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [wss] RE: [wss-comment] recursive Security Token References


DeMartini, Thomas wrote:
 > So, if we edited 903-904 as follows (removing things in {} and adding
 > things in []), would the new words be sufficiently unambiguous?
 >
 > "This optional attribute specifies an abstract URI for {where to find} a
 > security token. If a fragment is specified, then it indicates the local
 > ID of the [security] token being referenced. [The URI MUST identify a
 > security token.  The URI MUST NOT identify a wsse:SecurityTokenReference
 > element, a wsse:Embedded element, a wsse:Reference element, or a
 > wsse:KeyIdentifier element.]"


Let's see, applying the transform to make it easier to read, yields...


    This optional attribute specifies an abstract URI for a
    security token. If a fragment is specified, then it indicates the local
    ID of the security token being referenced. The URI MUST identify a
    security token.  The URI MUST NOT identify a wsse:SecurityTokenReference
    element, a wsse:Embedded element, a wsse:Reference element, or a
    wsse:KeyIdentifier element.


Yes, I believe that statement itself is sufficiently unambiguous, thanks.

A subtle-but-important wrinkle behind this, though, that I noticed in reading 
thru the spec with the above security token reference restrictions in mind, is: 
there is not, in the spec, what I consider a concise definition of what 
precisely constitutes a "security token".

I presume, for example, that we consider <wsse:BinarySecurityToken>, along with 
anything it might contain, to be a "security token". The same for 
<wsse:UsernameToken>. And thus it is ok, per the restriction above, for an STR 
to reference them, yes?

JeffH









[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]