

Subject: RE: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vs RFC 4120


 

> -----Original Message-----
> From: ronald monzillo [mailto:Ronald.Monzillo@Sun.COM] 
> Sent: 20 September 2005 16:30
> To: Martin Gudgin
> Cc: Ronald.Monzillo@Sun.COM; wss@lists.oasis-open.org
> Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vs RFC 4120
> 
> 
> 
> Martin Gudgin wrote On 09/20/05 10:42,:
> > Ron,
> > 
> > Sorry, I've just found this... I think I agree that we need to say
> > something about wsse11:TokenType.
> > 
> > Regarding whether we define values for ValueType, I think it depends on
> > whether you think 1.1 token types can be used with WSS 1.0.
> > 
> thanks - If necessary, I am OK with senders being required to specify
> ValueType in addition to TokenType (for this profile)

I think my point was that a 1.0 sender might want to use the Kerberos
token. Such a sender would not know about wsse11:TokenType.

Gudge

> 
> Ron
> > Gudge
> > 
> > 
> >>-----Original Message-----
> >>From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM] 
> >>Sent: 06 September 2005 09:16
> >>To: Martin Gudgin
> >>Cc: wss@lists.oasis-open.org
> >>Subject: Re: [wss] Action Item 2005-08-23-01: Kerberos Token Profile and RFC1510 vs RFC 4120
> >>
> >>Martin,
> >>
> >>Does the Krb5 token profile require that 1.1 message senders set the
> >>wsse:TokenType attribute in STR values?
> >>
> >>Note that in lines 924 to 928 of the core we recommended that use of
> >>the Reference:ValueType attribute to identify the type of a referenced
> >>token be discontinued (and that new profiles should employ the TokenType
> >>attribute for this purpose).
> >>
> >>We expect that this may be an evolutionary process, where for some time,
> >>the ValueType attribute may continue to be used in addition to the
> >>TokenType attribute.
> >>
> >>Since the Krb5 profile is being standardized by 1.1, it would seem that
> >>we could do without specifying new values to be included in ValueType,
> >>and that these new token type identifying values could and should be
> >>introduced as TokenType values.
> >>
> >>Ron
> >>
> >>
> >>
> >>Martin Gudgin wrote:
> >>
> >>>Having surveyed the vast array of interop participants I believe we have
> >>>two possible courses of action;
> >>>
> >>>
> >>>1.	Do nothing.
> >>>
> >>>2.	Update the Kerberos Token Profile by making the following
> >>>changes;
> >>>
> >>>	a) Add a reference to RFC4120 to Section 5.
> >>>
> >>>	b) Add 4 URIs to the table in Section 3.2 as follows
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ1510
> >>>Description: Kerberos v5 AP-REQ as defined in RFC1510. This ValueType is
> >>>used when the ticket is an AP Request per RFC1510
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
> >>>Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
> >>>specification. This ValueType is used when the ticket is an AP Request
> >>>(ST + Authenticator) per RFC1510.
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ4120
> >>>Description: Kerberos v5 AP-REQ as defined in RFC4120. This ValueType is
> >>>used when the ticket is an AP Request per RFC4120
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ4120
> >>>Description: A GSS wrapped Kerberos v5 AP-REQ as defined in the GSSAPI
> >>>specification. This ValueType is used when the ticket is an AP Request
> >>>(ST + Authenticator) per RFC4120.
> >>>
> >>>	c) Amend the descriptions of the first URI currently in Section
> >>>3.2 as follows;
> >>>
> >>>URI:
> >>>http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ
> >>>Description: Kerberos v5 AP-REQ as defined in either RFC1510 and
> >>>RFC4120. This ValueType is used when the ticket is an AP Request.
> >>>
> >>>
> >>>Regards
> >>>
> >>>Gudge	
> >>>
> >>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe from this mail list, you must leave the OASIS TC that
> >>>generates this mail.  You may a link to this group and all your TCs in OASIS
> >>>at:
> >>>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> >>
> >>-- 
> >>	
> >>
> >>
> > 
> > 
> > 
> > 
> 
> -- 
> 	
> 
> 
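
Added example (not part of the original thread or of the Kerberos Token Profile): one way a receiver could resolve the Kerberos token type from a SecurityTokenReference, preferring wsse11:TokenType and falling back to the Reference ValueType for the 1.0 sender discussed above, and rejecting a reference whose two indicators disagree. It assumes the draft URIs proposed in the thread are used unchanged in either attribute; resolve_kerberos_type, TokenTypeError and the sample references are hypothetical names constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) for untrusted input

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
# Draft base URI as quoted in the thread; "xx" is the thread's own placeholder.
KRB = "http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-kerberos-token-profile-1.1#"

# Fragment -> (GSS wrapped?, RFCs the AP-REQ may follow), per the proposal in the thread.
VARIANTS = {
    "Kerberosv5_AP_REQ": (False, ("RFC1510", "RFC4120")),
    "Kerberosv5_AP_REQ1510": (False, ("RFC1510",)),
    "GSS_Kerberosv5_AP_REQ1510": (True, ("RFC1510",)),
    "Kerberosv5_AP_REQ4120": (False, ("RFC4120",)),
    "GSS_Kerberosv5_AP_REQ4120": (True, ("RFC4120",)),
}

class TokenTypeError(ValueError):
    """The reference does not name exactly one known Kerberos token type."""

def resolve_kerberos_type(str_xml):
    """Return (attribute_used, gss_wrapped, rfcs) for a wsse:SecurityTokenReference."""
    root = ET.fromstring(str_xml)
    if root.tag != "{%s}SecurityTokenReference" % WSSE:
        raise TokenTypeError("not a wsse:SecurityTokenReference")
    token_type = root.get("{%s}TokenType" % WSSE11)  # set by 1.1 senders
    ref = root.find("{%s}Reference" % WSSE)
    value_type = ref.get("ValueType") if ref is not None else None  # all a 1.0 sender has
    if token_type and value_type and token_type != value_type:
        raise TokenTypeError("TokenType and ValueType disagree")
    uri, used = (token_type, "TokenType") if token_type else (value_type, "ValueType")
    if not uri or not uri.startswith(KRB) or uri[len(KRB):] not in VARIANTS:
        raise TokenTypeError("unknown or missing Kerberos token type: %r" % uri)
    return (used,) + VARIANTS[uri[len(KRB):]]

def _sample_str(attrs, ref_attrs):
    # Build a constructed sample reference (not taken from any real message).
    return ('<wsse:SecurityTokenReference xmlns:wsse="%s" xmlns:wsse11="%s" %s>'
            '<wsse:Reference URI="#krb-token" %s/></wsse:SecurityTokenReference>'
            % (WSSE, WSSE11, attrs, ref_attrs))

SAMPLE_11 = _sample_str('wsse11:TokenType="%sGSS_Kerberosv5_AP_REQ4120"' % KRB, "")
SAMPLE_10 = _sample_str("", 'ValueType="%sKerberosv5_AP_REQ1510"' % KRB)
SAMPLE_CONFLICT = _sample_str('wsse11:TokenType="%sKerberosv5_AP_REQ4120"' % KRB,
                              'ValueType="%sKerberosv5_AP_REQ1510"' % KRB)

if __name__ == "__main__":
    for sample in (SAMPLE_11, SAMPLE_10):
        print(resolve_kerberos_type(sample))
```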

