You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by Andro Maque <an...@live.com> on 2009/01/30 08:15:23 UTC

Compliance WSS 1.1 (WSS-105)














Hello:

On 2008/02/09,  Mayank Mishra reported a compliance problem with WSS 1.1 specifications regarding the valueType
attribute of the KeyIdentifier element (see
http://marc.info/?l=wss4j-dev&m=120428958115637&w=2#2).

I'm reviewing the current specification and I find no mention to "x509v1" as a valid valueType for a Binary Security Token. I guess that it was specified as valid while the bug was reported; since then, an errata was published
correcting this feature. It seems that "x509v1" is no longer a valid
valueType in a security token.

Affected versions: 1.5.4 & 1.5.5

See: http://www.oasis-open.org/specs/#wssv1.1
and the 3 documents:

X.509 Token Profile 1.1 X.509 Token Profile 1.1 Errata (only) X.509 Token Profile 1.1 Errata (merged)  
Regards.

Andro.

_________________________________________________________________
Show them the way! Add maps and directions to your party invites. 
http://www.microsoft.com/windows/windowslive/events.aspx

RE: Compliance WSS 1.1 (WSS-105)

Posted by Colm O hEigeartaigh <co...@progress.com>.

Yup good catch, I'll reopen the JIRA to remove this patch for 1.5.6.

 

Colm.

 

________________________________

From: Andro Maque [mailto:andromaque@live.com] 
Sent: 30 January 2009 07:15
To: wss4j-dev@ws.apache.org
Subject: Compliance WSS 1.1 (WSS-105)

 


Hello:

On 2008/02/09,  Mayank Mishra reported a compliance problem with WSS 1.1
specifications regarding the valueType attribute of the KeyIdentifier
element (see http://marc.info/?l=wss4j-dev&m=120428958115637&w=2#2).

I'm reviewing the current specification and I find no mention to
"x509v1" as a valid valueType for a Binary Security Token. I guess that
it was specified as valid while the bug was reported; since then, an
errata was published correcting this feature. It seems that "x509v1" is
no longer a valid valueType in a security token.

Affected versions: 1.5.4 & 1.5.5

See: http://www.oasis-open.org/specs/#wssv1.1
and the 3 documents:

*	X.509 Token Profile 1.1
<http://www.oasis-open.org/committees/download.php/16785/wss-v1.1-spec-o
s-x509TokenProfile.pdf>  
*	X.509 Token Profile 1.1 Errata (only)
<http://docs.oasis-open.org/wss/v1.1/wss-v1.1-errata-os-x509TokenProfile
.pdf>  
*	X.509 Token Profile 1.1 Errata (merged)
<http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-x509TokenPr
ofile.pdf> 


Regards.

Andro.

________________________________

See all the ways you can stay connected to friends and family
<http://www.microsoft.com/windows/windowslive/default.aspx>