[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token Profile andRFC1510 vs RFC 4120
Martin Gudgin wrote On 09/20/05 10:42,: > Ron, > > Sorry, I've just found this... I think I agree that we need to say > something about wsse11:TokenType. > > Regarding whether we define values for ValueType, I think it depends on > whether you think 1.1 token types can be used with WSS 1.0. > thanks - If necessary, I am OK with senders being required to specify ValueType in addition to TokenType (for this profile) Ron > Gudge > > >>-----Original Message----- >>From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM] >>Sent: 06 September 2005 09:16 >>To: Martin Gudgin >>Cc: wss@lists.oasis-open.org >>Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token >>Profile and RFC1510 vs RFC 4120 >> >>Martin, >> >>Does the Krb5 token profile require that 1.1 message senders set the >>wsse:TokenType attribute in STR values? >> >>Note that in lines 924 to 928 of the core we recommended that use of >>the Reference:ValueType attribute to identify the type of a referenced >>token be discontinued (and that new profiles should employ >>the TokenType >>attribute for this purpose). >> >>we expect that this may be an evolutionary process, where for >>some time, >>the ValueType attribute may continue to be used in addition to the >>TokenType attribute. >> >>Since the KrB5 profile is being standardized by 1.1, it would >>seem that >>we could do without specifying new values to be included in ValuType, >>and that these new token type identifying values could and should be >>introduced as TokenType values. >> >>Ron >> >> >> >>Martin Gudgin wrote: >> >>>Having surveyed the vast array of interop participants I >> >>believe we have >> >>>two possible courses of action; >>> >>> >>>1. Do nothing. >>> >>>2. Update the Kerberos Token Profile by making the following >>>changes; >>> >>> a) Add a reference to RFC4120 to Section 5. >>> >>> b) Add 4 URIs to the table in Section 3.2 as follows >>> >>>URI: >>> >> >>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerber >>os-token-p >> >>>rofile-1.1#Kerberosv5_AP_REQ1510 >>>Description: Kerberos v5 AP-REQ as defined in RFC1510. This >> >>ValueType is >> >>>used when the ticket is an AP Request per RFC1510 >>> >>>URI: >>> >> >>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerber >>os-token-p >> >>>rofile-1.1#GSS_Kerberosv5_AP_REQ1510 >>>Description: A GSS wrapped Kerberos v5 AP-REQ as defined in >> >>the GSSAPI >> >>>specification. This ValueType is used when the ticket is an >> >>AP Request >> >>>(ST + Authenticator) per RFC1510. >>> >>>URI: >>> >> >>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerber >>os-token-p >> >>>rofile-1.1#Kerberosv5_AP_REQ4120 >>>Description: Kerberos v5 AP-REQ as defined in RFC4120. This >> >>ValueType is >> >>>used when the ticket is an AP Request per RFC4120 >>> >>>URI: >>> >> >>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerber >>os-token-p >> >>>rofile-1.1#GSS_Kerberosv5_AP_REQ4120 >>>Description: A GSS wrapped Kerberos v5 AP-REQ as defined in >> >>the GSSAPI >> >>>specification. This ValueType is used when the ticket is an >> >>AP Request >> >>>(ST + Authenticator) per RFC4120. >>> >>> c) Amend the descriptions of the first URI currently in Section >>>3.2 as follows; >>> >>>URI: >>> >> >>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerber >>os-token-p >> >>>rofile-1.1#Kerberosv5_AP_REQ >>>Description: Kerberos v5 AP-REQ as defined in either RFC1510 and >>>RFC4120. This ValueType is used when the ticket is an AP Request. >>> >>> >>>Regards >>> >>>Gudge >>> >>> >> >>--------------------------------------------------------------------- >> >>>To unsubscribe from this mail list, you must leave the OASIS TC that >>>generates this mail. You may a link to this group and all >> >>your TCs in OASIS >> >>>at: >>> >> >>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >> >>-- >> >> >> > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > --
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]