Public Review Comments - TC Resolution document

This document contains the Resolutions of public comments received during the public review period of OASIS WSS TC public review documents.

Issues Addressed

Issue # 406
Title: Editorial comments on WSS 1.1 SAML Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00001.html from mgudgin@microsoft.com
Resolution: Fixed
Description: This posting contained 7 issues identified to be editorial in nature
Disposition: The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14295/wss-v1.1-spec-draft-SAMLTokenProfile-06.pdf

Issue # 407
Title: Editorial comments on WSS 1.1 REL Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00002.html from mgudgin@microsoft.com
Resolution: Fixed
Description: This posting contained 2 issues identified to be editorial in nature
Disposition: The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14121/wss-v1.1-spec-ed-RELTokenProfile-03-changes.pdf

Issue # 408
Title: Editorial comments on WSS 1.1 Kerberos Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg0003.html from mgudgin@microsoft.com
Resolution: Fixed
Description: This posting contained 7 issues identified to be editorial in nature
Disposition: The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14285/wss-v1.1-spec-draft-KerberosTokenProfile-01.pdf

Issue # 409
Title: Editorial comments on WSS 1.1 X509 Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg0004.html from mgudgin@microsoft.com
Resolution: Fixed
Description: This posting contained 2 issues identified to be editorial in nature
Disposition: The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf

Issue # 410
Title: Editorial comments on WSS 1.1 Username Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg0005.html from mgudgin@microsoft.com
Resolution: Fixed
Description: This posting contained 2 issues identified to be editorial in nature
Disposition: The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14286/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf

Issue # 411
Title: Editorial comments on WSS 1.1 Core
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg0006.html from mgudgin@microsoft.com
Resolution: Fixed
Description: This posting contained 39 issues identified to be editorial in nature
Disposition: The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14284/wss-v1.1-spec-draft-SOAPMessageSecurity-01.pdf

Issue # 412
Title: Another comment on WSS 1.1 REL Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00010.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Clarification request on lines 128/129 in REL token profile - whether these lines were talking about wsse:STR/@wsse:TokenType
Disposition: Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14121/wss-v1.1-spec-ed-RELTokenProfile-03-changes.pdf

Issue # 413
Title: Clarification of ValueType attribute being on STR at line 198 of Kerberos Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00011.html from mgudgin@microsoft.com
Resolution: Fixed
Description: ValueType attribute does not exist on STR. Text at line 198 seems to imply it does.
Disposition: Intent was to say attribute exists on Reference element in STR. Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14285/wss-v1.1-spec-draft-KerberosTokenProfile-01.pdf

Issue # 414
Title: Clarification of text requested at line 303-305 of Kerberos Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00011.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Clarification of text requested at line 303-305 of Kerberos Token Profile
Disposition: Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14285/wss-v1.1-spec-draft-KerberosTokenProfile-01.pdf

Issue # 415
Title: Minor clarifications on Kerberos Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00011.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Minor clarifications on Kerberos Token Profile - issue #3 and #4 in the Source document above
Disposition: Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14285/wss-v1.1-spec-draft-KerberosTokenProfile-01.pdf

Issue # 416
Title: Clarification on the URI for Username Token in Username Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: Fixed
Description: As described, the URI could be inferred to be a 1.1 URI rather than a 1.0 URI.
Disposition: Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14286/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf

Issue # 417
Title: Clarification on how to Serialize the salt in Username Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Clarification on how to Serialize the salt in Username token in Username Token Profile
Disposition: Clarified that Salt is serialized as xs:base64Binary - http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14286/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf

Issue # 418
Title: Clarification on iteration field in Username Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Clarification on iteration field in Username Token Profile
Disposition: Clarified that Iteration field is serialized as xs:unsignedInteger - http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14286/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf

Issue # 419
Title: Request for consistency on the usage of password field for cryptographic purposes in Username Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: No Fix Required
Description: Password fields used for cryptographic purposes have inconsistencies in Username Token Profile
Disposition: No Fix Required: http://lists.oasis-open.org/archives/wss/200509/msg00014.html

Issue # 420
Title: #ThumbprintSHA1 should be added to line 157 in X509 Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: Fixed
Description: #ThumbprintSHA1 should be added to the list of URI fragments used in X509 Token Profile
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf

Issue # 421
Title: Clarify certificate requirements in X509 Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Description implies that only certificates with signature-verification are allowed.
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf as certificates with signature-verification being minimal requirement.

Issue # 422
Title: Clarify URI for X509 subject key identifier in X509 Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Clarify URI for X509 subject key identifier in X509 Token Profile
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf to indicate the use of 1.0 URI.

Issue # 423
Title: ValueType URI should be changed in X509 Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Clarify URI for X509 subject key identifier in X509 Token Profile
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf to indicate #ThumbprintSHA1 as opposed to #X509ThumbprintSHA1.

Issue # 424
Title: Fix example to reflect use of #ThumbprintSHA1 on X509 Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Given fix in issue 424 fix example
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf to indicate #ThumbprintSHA1 as opposed to #X509ThumbprintSHA1.

Issue # 425
Title: Comments on SAML Token Profile
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00014.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Editorial comments on SAML Token Profile.
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14295/wss-v1.1-spec-draft-SAMLTokenProfile-06.pdf

Issue # 426
Title: Request for clarification on Kerberos Token profile.
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00015.html from ales.pour@systinet.com
Resolution: Fixed
Description: Request clarification on the octet sequence.
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15124/oasis-wss-kerberos-token-profile-1.1.pdf

Issue # 427
Title: STRs outside of the Security header (Core)
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00014.html from concahill@aol.com
Resolution: Closed with no additional action.
Description: In case where the STR is outside of a security header, the text is unclear about how "containing element" specifies processing rules
Disposition: Closed with no action as other changes to core specification address this issue

Issue # 428
Title: Recursive Security Token Reference (Core)
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00018.html from concahill@aol.com
Resolution: Fixed
Description: Should address the concept of a token referencing another token reference
Disposition: Fixed. Changes present in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf

Issue # 432
Title: Further Comments on WSS 1.1 Core
Source: http://lists.oasis-open.org/archives/wss-comment/200508/msg00021.html from mgudgin@microsoft.com
Resolution: Fixed
Description: Multiple comments on WSS 1.1 core document.
Disposition: Issues fixed. Revisions available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf

Issue # 433
Title: Editorial comment on use of token type attribute in core
Source: http://lists.oasis-open.org/archives/wss-comment/200509/msg00011.html from Ronald.Monzillo@Sun.COM
Resolution: Fixed
Description: Replace instances of wsse:TokenType with wsse11:TokenType
Disposition: Issues fixed. Revisions available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf

Issue # 434
Title: Schema corrections in SAML token profile 1.1 draft-01
Source: http://lists.oasis-open.org/archives/wss-comment/200509/msg00012.html from cantor2@osu.edu
Resolution: Fixed
Description: Minor errors in usage of KeyInfoConfirmationDataType would cause the SAML 2.0 assertion schema to not validate.
Disposition: Fixed in draft 7 of the SAML token profile. Revisions available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15144/wss-v1.1-spec-draft-SAMLTokenProfile-09.pdf

Issue # 435
Title: Public comment on X.509 Token Profile 1.1
Source: http://lists.oasis-open.org/archives/wss-comment/200509/msg00016.html from mark.wahl@informed-control.com
Resolution: Duplicate
Description: "Thumbprint extension" definition is not clear
Disposition: Resolved as duplicate of Issue 431. This issue is fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15126/oasis-wss-x509-token-profile-1.1.pdf

Issue # 436
Title: Public comment on OASIS SOAP Message Security 1.1 (core)
Source: http://lists.oasis-open.org/archives/wss-comment/200509/msg00017.html from mark.wahl@informed-control.com
Resolution: Fixed
Description: Multiple editorial comments on soap message security core
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf

Issue # 437
Title: Public comment on Username Token Profile 1.1
Source: http://lists.oasis-open.org/archives/wss-comment/200509/msg00018.html from mark.wahl@informed-control.com
Resolution: Fixed
Description: Multiple editorial comments on the username token profile 1.1
Disposition: Fixed. Changes available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15182/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf

Issue # 438
Title: Public comment on SAML Token Profile 1.1
Source: http://lists.oasis-open.org/archives/wss-comment/200509/msg00016.html from mark.wahl@informed-control.com
Resolution: Fixed
Description: Multiple editorial comments on SAML token profile 1.1
Disposition: Fixed. Changes available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15144/wss-v1.1-spec-draft-SAMLTokenProfile-09.pdf

Issue # 439
Title: Clarification on GSS wrapped Kerberos v5 AP_REQ
Source: http://lists.oasis-open.org/archives/wss/200509/msg00047.html from prateek.mishra@oracle.com
Resolution: Fixed
Description: Editorial comments on core
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14865/wss-v1.1-spec-draft-SOAPMessageSecurity-01.pdf

Issue # 445
Title: Public comment (core)
Source: http://lists.oasis-open.org/archives/wss-comment/200509/msg00029.html from peter.hendry@capeclear.com
Resolution: Fixed
Description: Some clarifications from 1.0 errata are not included in the 1.1 specification
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14865/wss-v1.1-spec-draft-SOAPMessageSecurity-01.pdf

Issue # 446
Title: Need clarification on STR transform (core)
Source: http://lists.oasis-open.org/archives/wss-comment/200509/msg00030.html from peter.hendry@capeclear.com
Resolution: Fixed
Description: Request for clarification on the STR transform.
Disposition: Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf

Issue # 450
Title: XML Dsig schema reference (core)
Source: http://lists.oasis-open.org/archives/wss-comment/200510/msg00002.html from concahill@aol.com
Resolution: Fixed
Description: We should use the dated reference to the XML dsig specification rather than reference the latest version, so it is clear which version has been validated with SOAP message security.
Disposition: Fixed by removing the [XMLSIG] reference from core and schema file to change the undated reference to Feb 2002 reference

Open/Pending Issues

None

Document list reviewed:

OASIS core message security document: http://www.oasis-open.org/apps/org/workgroup/wss/download.php/13396/wss-v1.1-spec-pr-SOAPMessageSecurity-01.htm
Kerberos token profile: http://www.oasis-open.org/apps/org/workgroup/wss/download.php/13389/wss-v1.1-spec-pr-KerberosTokenProfile-01.htm
REL token profile: http://www.oasis-open.org/apps/org/workgroup/wss/download.php/13302/wss-v1.1-spec-pr-RELTokenProfile.htm
SAML token profile: http://www.oasis-open.org/apps/org/workgroup/wss/download.php/13404/wss-v1.1-spec-pr-SAMLTokenProfile-01.html
SWA token profile: http://www.oasis-open.org/apps/org/workgroup/wss/download.php/13288/wss-v1.1-spec-pr-SwAProfile-01.html
Username token profile: http://www.oasis-open.org/apps/org/workgroup/wss/download.php/13392/wss-v1.1-spec-pr-UsernameTokenProfile-01.htm
X.509 token profile: http://www.oasis-open.org/apps/org/workgroup/wss/download.php/13383/wss-v1.1-spec-pr-x509TokenProfile-01.htm