OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Issue 4 - SP recommendations


All, here is the issue 4 proposal for SP.

 

Note that in my opinion there are no non-normative references. It seems odd, but as SP is providing a description of other specs it makes sense. In particular non-normative references seem to crop up in examples within specs. In SP all of the examples are about using the SP assertions that describe a particular spec. The effect is no non-normative references.

 

WS-SecurityPolicy

ED-01 rev 07

Normative

[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, Harvard University, March 1997.

http://www.ietf.org/rfc/rfc2119.txt

 

[SOAP] W3C Note, "SOAP: Simple Object Access Protocol 1.1", 08 May 2000.

http://www.w3.org/TR/2000/NOTE-SOAP-20000508/

 

[SOAP12] W3C Recommendation, "SOAP 1.2 Part 1: Messaging Framework", 24 June 2003.

http://www.w3.org/TR/2003/REC-soap12-part1-20030624/

 

[URI] T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 3986, MIT/LCS, Day Software, Adobe Systems, January 2005.

http://www.ietf.org/rfc/rfc3986.txt

 

[RFC2068] IETF Standard, "Hypertext Transfer Protocol -- HTTP/1.1" January 1997

http://www.ietf.org/rfc/rfc2068.txt

Normative, un-attributed, references on lines 1426 and 1430 for authentication mechanisms.

 

[RFC2246] IETF Standard, "The TLS Protocol", January 1999.

http://www.ietf.org/rfc/rfc2246.txt

New reference, needed for example in description of HTTPS assertion.

Suggest using this as BSP references this version, consistent with recommendations for SC and Trust.

 

[WS-Addressing] W3C Recommendation, "Web Services Addressing (WS-Addressing)", 9 May 2006.

http://www.w3.org/TR/2006/REC-ws-addr-core-20060509

Used in namespace prefix table and throughout examples and exemplars.

Recommend using Recommendation rather than Submission version as the TC SC/Trust interop event has.

 

[WS-Policy] W3C Member Submission "Web Services Policy 1.2 - Framework", 25 April 2006.

http://www.w3.org/Submission/2006/SUBM-WS-Policy-20060425/

 

[WS-PolicyAttachment] W3C Member Submission "Web Services Policy 1.2 - Attachment", 25 April 2006.

http://www.w3.org/Submission/2006/SUBM-WS-PolicyAttachment-20060425/

Suggest updating reference to W3C submission.

 

[WS-Trust] "Web Services Trust Language (WS-Trust)", tbd

Update to TC version.

 

[WS-SecureConversation] “Web Services Secure Conversation Language (WS-SecureConversation)", tbd

Update to TC version.

 

[WSS10] OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)", March 2004.

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf

 

[WSS11] OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", February 2006.

http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf

New reference though the tag is already in use in the spec, i.e. wsse11 namespace in table at line 60. Should also be referenced in section on WSS11 assertion.

 

[WSS:UsernameToken1.0] OASIS Standard, "Web Services Security: UsernameToken Profile", March 2004

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf

 

[WSS:UsernameToken1.1] OASIS Standard, "Web Services Security: UsernameToken Profile 1.1", February 2006

http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf

New reference though the tag is already in use in the spec, i.e. in section on UsernameToken assertion.

 

[WSS:X509Token1.0] OASIS Standard, "Web Services Security X.509 Certificate Token Profile", March 2004

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf

Recommend adding the 1.0 to the tag for consistency with UsernameToken references.

 

[WSS:X509Token1.1] OASIS Standard, "Web Services Security X.509 Certificate Token Profile", February 2006

http://www.oasis-open.org/committees/download.php/16785/wss-v1.1-spec-os-x509TokenProfile.pdf

New reference though the tag is already in use in the spec, i.e. in section on X.509 assertion.

 

[WSS:KerberosToken1.1] OASIS Standard, “Web Services Security Kerberos Token Profile 1.1”, February 2006

http://www.oasis-open.org/committees/download.php/16788/wss-v1.1-spec-os-KerberosTokenProfile.pdf

Use 1.1 reference, there does not appear to be a 1.0 for this. Needs to be referenced in definition of Kerberos Token assertion.

 

[WSS:SAMLTokenProfile1.0] OASIS Standard, “Web Services Security: SAML Token Profile”, December 2004

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf

New reference though the tag is already in use in the spec, i.e. in section on SAML assertion.

 

[WSS:SAMLTokenProfile1.1] OASIS Standard, “Web Services Security: SAML Token Profile 1.1”, February 2006

http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf

New reference though the tag is already in use in the spec, i.e. in section on SAML assertion.

 

[WSS: REL Token Profile 1.0] OASIS Standard, “Web Services Security Rights Expression Language (REL) Token Profile”, December 2004

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf

New reference though the tag is already in use in the spec, i.e. in section on REL assertion.

 

[WSS: REL Token Profile 1.1] OASIS Standard, “Web Services Security Rights Expression Language (REL) Token Profile 1.1”, February 2006

http://www.oasis-open.org/committees/download.php/16687/oasis-wss-rel-token-profile-1.1.pdf

New reference though the tag is already in use in the spec, i.e. in section on REL assertion.

 

[XML-Encrypt] W3C Recommendation, "XML Encryption Syntax and Processing", 10 December 2002.

http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/

First referenced on line 1981.

Recommend changing keyword term from [XMLENC] to [XML-Encrypt] for consistency with SC and Trust.

 

[XML-Signature] W3C Recommendation, "XML-Signature Syntax and Processing", 12 February 2002.

http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/

Referred to throughout via use of “sign”, “integrity” and explicitly in the namespace table for prefix ds.

Suggest using same stable link as WSS and SC/Trust rather than current “latest” link.

Recommend changing keyword term from [XMLENC] to [XML-Encrypt] for consistency with SC and Trust.

 

[XPATH] W3C Recommendation "XML Path Language (XPath) Version 1.0", 16 November 1999.

http://www.w3.org/TR/1999/REC-xpath-19991116

First, unattributed, use on line 574.

Correct date, should be November and not February of 1999.

 

[XML-Schema1] W3C Recommendation, "XML Schema Part 1: Structures Second Edition", 28 October 2004.

http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/

 

[XML-Schema2] W3C Recommendation, "XML Schema Part 2: Datatypes Second Edition", 28 October 2004.

http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/

 

Non-Normative

None.

Remove

[KEYWORDS] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels," RFC 2119, Harvard University, March 1997

Duplicate reference of [RFC2119].

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]