[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 4 - SP recommendations
All, here is the issue 4 proposal for SP. Note that in my opinion there are no non-normative
references. It seems odd, but as SP is providing a description of other specs
it makes sense. In particular non-normative references seem to crop up in
examples within specs. In SP all of the examples are about using the SP
assertions that describe a particular spec. The effect is no non-normative
references. WS-SecurityPolicy
ED-01 rev 07 Normative
[RFC2119] S. Bradner, "Key words for use in RFCs to
Indicate Requirement Levels", RFC 2119, Harvard University, March 1997. http://www.ietf.org/rfc/rfc2119.txt
[SOAP] W3C Note, "SOAP: Simple Object Access Protocol
1.1", 08 May 2000. http://www.w3.org/TR/2000/NOTE-SOAP-20000508/ [SOAP12] W3C Recommendation, "SOAP 1.2 Part 1:
Messaging Framework", 24 June 2003. http://www.w3.org/TR/2003/REC-soap12-part1-20030624/ [URI] T. Berners-Lee, R. Fielding, L. Masinter,
"Uniform Resource Identifiers (URI): Generic Syntax", RFC 3986,
MIT/LCS, Day Software, Adobe Systems, January 2005. http://www.ietf.org/rfc/rfc3986.txt [RFC2068] IETF Standard, "Hypertext Transfer Protocol
-- HTTP/1.1" January 1997 http://www.ietf.org/rfc/rfc2068.txt
Normative, un-attributed, references on lines 1426 and 1430
for authentication mechanisms. [RFC2246] IETF Standard, "The TLS Protocol",
January 1999. http://www.ietf.org/rfc/rfc2246.txt
New reference, needed for example in description of HTTPS
assertion. Suggest using this as BSP references this version,
consistent with recommendations for SC and Trust. [WS-Addressing] W3C Recommendation, "Web Services
Addressing (WS-Addressing)", 9 May 2006. http://www.w3.org/TR/2006/REC-ws-addr-core-20060509 Used in namespace prefix table and throughout examples and
exemplars. Recommend using Recommendation rather than Submission
version as the TC SC/Trust interop event has. [WS-Policy] W3C Member Submission "Web Services Policy
1.2 - Framework", 25 April 2006. http://www.w3.org/Submission/2006/SUBM-WS-Policy-20060425/
[WS-PolicyAttachment] W3C Member Submission "Web
Services Policy 1.2 - Attachment", 25 April 2006. http://www.w3.org/Submission/2006/SUBM-WS-PolicyAttachment-20060425/
Suggest updating reference to W3C submission. [WS-Trust] "Web Services Trust Language
(WS-Trust)", tbd Update to TC version. [WS-SecureConversation] “Web Services Secure
Conversation Language (WS-SecureConversation)", tbd Update to TC version. [WSS10] OASIS Standard, "OASIS Web Services Security:
SOAP Message Security 1.0 (WS-Security 2004)", March 2004. http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf [WSS11] OASIS Standard, "OASIS Web Services Security:
SOAP Message Security 1.1 (WS-Security 2004)", February 2006. http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
New reference though the tag is already in use in the spec,
i.e. wsse11 namespace in table at line 60. Should also be referenced in section
on WSS11 assertion. [WSS:UsernameToken1.0] OASIS Standard, "Web Services
Security: UsernameToken Profile", March 2004 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf [WSS:UsernameToken1.1] OASIS Standard, "Web Services
Security: UsernameToken Profile 1.1", February 2006 http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
New reference though the tag is already in use in the spec,
i.e. in section on UsernameToken assertion. [WSS:X509Token1.0] OASIS Standard, "Web Services
Security X.509 Certificate Token Profile", March 2004 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf Recommend adding the 1.0 to the tag for consistency with
UsernameToken references. [WSS:X509Token1.1] OASIS Standard, "Web Services
Security X.509 Certificate Token Profile", February 2006 http://www.oasis-open.org/committees/download.php/16785/wss-v1.1-spec-os-x509TokenProfile.pdf New reference though the tag is already in use in the spec,
i.e. in section on X.509 assertion. [WSS:KerberosToken1.1] OASIS Standard, “Web Services
Security Kerberos Token Profile 1.1”, February 2006 http://www.oasis-open.org/committees/download.php/16788/wss-v1.1-spec-os-KerberosTokenProfile.pdf Use 1.1 reference, there does not appear to be a 1.0 for
this. Needs to be referenced in definition of Kerberos Token assertion. [WSS:SAMLTokenProfile1.0] OASIS Standard, “Web
Services Security: SAML Token Profile”, December 2004 http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf New reference though the tag is already in use in the spec,
i.e. in section on SAML assertion. [WSS:SAMLTokenProfile1.1] OASIS Standard, “Web
Services Security: SAML Token Profile 1.1”, February 2006 http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
New reference though the tag is already in use in the spec,
i.e. in section on SAML assertion. [WSS: REL Token Profile 1.0] OASIS Standard, “Web
Services Security Rights Expression Language (REL) Token Profile”,
December 2004 http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf New reference though the tag is already in use in the spec,
i.e. in section on REL assertion. [WSS: REL Token Profile 1.1] OASIS Standard, “Web
Services Security Rights Expression Language (REL) Token Profile 1.1”,
February 2006 http://www.oasis-open.org/committees/download.php/16687/oasis-wss-rel-token-profile-1.1.pdf New reference though the tag is already in use in the spec,
i.e. in section on REL assertion. [XML-Encrypt] W3C Recommendation, "XML Encryption
Syntax and Processing", 10 December 2002. http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
First referenced on line 1981. Recommend changing keyword term from [XMLENC] to
[XML-Encrypt] for consistency with SC and Trust. [XML-Signature] W3C Recommendation, "XML-Signature
Syntax and Processing", 12 February 2002. http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/ Referred to throughout via use of “sign”,
“integrity” and explicitly in the namespace table for prefix ds. Suggest using same stable link as WSS and SC/Trust rather
than current “latest” link. Recommend changing keyword term from [XMLENC] to
[XML-Encrypt] for consistency with SC and Trust. [XPATH] W3C Recommendation "XML Path Language (XPath)
Version 1.0", 16 November 1999. http://www.w3.org/TR/1999/REC-xpath-19991116
First, unattributed, use on line 574. Correct date, should be November and not February of 1999. [XML-Schema1] W3C Recommendation, "XML Schema Part 1:
Structures Second Edition", 28 October 2004. http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/ [XML-Schema2] W3C Recommendation, "XML Schema Part 2:
Datatypes Second Edition", 28 October 2004. http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/
Non-Normative
None. Remove
[KEYWORDS] S. Bradner, "Key words for use in RFCs to
Indicate Requirement Levels," RFC 2119, Harvard University, March 1997 Duplicate reference of [RFC2119]. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]