ws-sx message

Subject: Issue 4 - Trust recommendations
From: Marc Goodner <mgoodner@microsoft.com>
To: "ws-sx@lists.oasis-open.org" <ws-sx@lists.oasis-open.org>
Date: Wed, 16 Aug 2006 19:52:09 -0700
All,

Here is the issue 4 proposal for Trust.

WS-Trust
ED-01 rev 08
Normative
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, Harvard University, March 1997.
http://www.ietf.org/rfc/rfc2119.txt

[RFC2246] IETF Standard, "The TLS Protocol", January 1999.
http://www.ietf.org/rfc/rfc2246.txt
Recommend keeping as BSP references this version.
Referenced as an example on line 223.
Normative reference on line 859 in description of ComputedKey.

[SOAP] W3C Note, "SOAP: Simple Object Access Protocol 1.1", 08 May 2000.
http://www.w3.org/TR/2000/NOTE-SOAP-20000508/

[SOAP12] W3C Recommendation, "SOAP 1.2 Part 1: Messaging Framework", 24 June 2003.
http://www.w3.org/TR/2003/REC-soap12-part1-20030624/

[URI] T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 3986, MIT/LCS, Day Software, Adobe Systems, January 2005.
http://www.ietf.org/rfc/rfc3986.txt
Line 56 first referenced occurrence.
Recommend using RFC 3986 which made 2396 obsolete on grounds that SP uses 3986.

[WS-Addressing] W3C Recommendation, "Web Services Addressing (WS-Addressing)", 9 May 2006.
http://www.w3.org/TR/2006/REC-ws-addr-core-20060509
Used in namespace prefix table and throughout examples and exemplars. First explicit normative reference on line 354.
Recommend using Recommendation rather than Submission version as the TC interop event has.

[WS-Policy] W3C Member Submission "Web Services Policy 1.2 - Framework", 25 April 2006.
http://www.w3.org/Submission/2006/SUBM-WS-Policy-20060425/

[WS-PolicyAttachment] "Web Services Policy 1.2 - Attachment", BEA, IBM, Microsoft, SAP, Sonic Software, VeriSign, 25 April 2006.
http://www.w3.org/Submission/2006/SUBM-WS-PolicyAttachment-20060425/
Suggest updating reference to W3C submission.
First reference as guidance on line 158/159. First normative reference on line 2194.

[WS-Security]
OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)", March 2004.
OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", February 2006.

Used throughout spec.
Update to include version 1.1.

[XML-C14N] W3C Recommendation, "Canonical XML Version 1.0", 15 March 2001.
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Term “canonicaliztion” used in an example on line 1834 without reference. Term used again, normatively, on line 1984 in description of CanonicalizationAlgorithm without reference. Add reference.
Suggest to reference Recommendation version as WSS 1.1 does, rather than the current Candidate Recommendation reference.

[XML-Encrypt] W3C Recommendation, "XML Encryption Syntax and Processing", 10 December 2002.
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
First referenced on line 1981.

[XML-Signature] W3C Recommendation, "XML-Signature Syntax and Processing", 12 February 2002.
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
Referred to throughout via use of “sign”, “integrity” and the namespace prefix ds. Recommend adding reference to definition of Signature on line 80. References on lines 1977 and 1985 missing “-“.
Suggest to also update reference to Recommendation rather than existing Candidate Recommendation link as WSS 1.1 does.

[XML-Schema1] W3C Recommendation, "XML Schema Part 1: Structures Second Edition", 28 October 2004.
http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/
Implicit should be referenced in section 1.4 defining schema file. Recommend using 2nd edition as SP does.

[XML-Schema2] W3C Recommendation, "XML Schema Part 2: Datatypes Second Edition", 28 October 2004.
http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/
Implicit should be referenced in section 1.4 defining schema file. Recommend using 2nd edition as SP does.
Non-Normative
[WS-Federation] "Web Services Federation Language," BEA, IBM, Microsoft, RSA Security, VeriSign, July 2003.
First reference as an example on line 229.

[WS-SecurityPolicy] "Web Services Security Policy Language", tbd
Update to TC version.
First reference as an example on line 1483.

[X509] S. Santesson, et al,"Internet X.509 Public Key Infrastructure Qualified Certificates Profile."
http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.509-200003-I
First instance on line 73, missing reference. Used as an example in many other places as well.
*Note* This is the same reference as WSS 1.1 but the link does not resolve.

[Kerberos] J. Kohl and C. Neuman, "The Kerberos Network 149 Authentication Service (V5)," RFC 1510, September 1993.
http://www.ietf.org/rfc/rfc1510.txt
Used as an example on line 191, missing reference. Used as an example in many other places as well.
Same reference as WSS 1.1.
Remove
[XML-ns] W3C Recommendation, "Namespaces in XML", 14 January 1999.
Not used, implicit.