This document contains the resolutions (as of 19 September 2005 ) of public comments received during the public review period of OASIS WSS TC public review documents.
Issues Addressed
| Issue # | 406 |
| Title | Editorial comments on WSS 1.1 SAML Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00001.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | This posting contained 7 issues identified to be editorial in nature |
| Disposition | The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14295/wss-v1.1-spec-draft-SAMLTokenProfile-06.pdf |
| Issue # | 407 |
| Title | Editorial comments on WSS 1.1 REL Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00002.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | This posting contained 2 issues identified to be editorial in nature |
| Disposition | The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14121/wss-v1.1-spec-ed-RELTokenProfile-03-changes.pdf |
| Issue # | 408 |
| Title | Editorial comments on WSS 1.1 Kerberos Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg0003.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | This posting contained 7 issues identified to be editorial in nature |
| Disposition | The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14285/wss-v1.1-spec-draft-KerberosTokenProfile-01.pdf |
| Issue # | 409 |
| Title | Editorial comments on WSS 1.1 X509 Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg0004.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | This posting contained 2 issues identified to be editorial in nature |
| Disposition | The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf |
| Issue # | 410 |
| Title | Editorial comments on WSS 1.1 Username Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg0005.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | This posting contained 2 issues identified to be editorial in nature |
| Disposition | The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14286/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf |
| Issue # | 411 |
| Title | Editorial comments on WSS 1.1 Core |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg0006.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | This posting contained 39 issues identified to be editorial in nature |
| Disposition | The editorial issues were fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14284/wss-v1.1-spec-draft-SOAPMessageSecurity-01.pdf |
| Issue # | 412 |
| Title | Another comment on WSS 1.1 REL Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00010.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Clarification request on lines 128/129 in REL token profile - whether these lines were talking about wsse:STR/@wsse:TokenType |
| Disposition | Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14121/wss-v1.1-spec-ed-RELTokenProfile-03-changes.pdf |
| Issue # | 413 |
| Title | Clarification of ValueType attribute being on STR at line 198 of Kerberos Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00011.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | ValueType attribute does not exist on STR. Text at line 198 seems to imply it does. |
| Disposition | Intent was to say attribute exists on Reference element in STR. Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14285/wss-v1.1-spec-draft-KerberosTokenProfile-01.pdf |
| Issue # | 414 |
| Title | Clarification of text requested at line 303-305 of Kerberos Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00011.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Clarification of text requested at line 303-305 of Kerberos Token Profile |
| Disposition | Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14285/wss-v1.1-spec-draft-KerberosTokenProfile-01.pdf |
| Issue # | 415 |
| Title | Minor clarifications on Kerberos Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00011.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Minor clarifications on Kerberos Token Profile - issue #3 and #4 in the source document above |
| Disposition | Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14285/wss-v1.1-spec-draft-KerberosTokenProfile-01.pdf |
| Issue # | 416 |
| Title | Clarification on the URI for Username Token in Username Token Profile from mgudgin@microsoft.com |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html |
| Resolution | Fixed |
| Description | As described, the URI could be inferred to be a 1.1 URI rather than a 1.0 URI. |
| Disposition | Clarification added to http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14286/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf |
| Issue # | 417 |
| Title | Clarification on how to Serialize the salt in Username Token Profile from mgudgin@microsoft.com |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html |
| Resolution | Fixed |
| Description | Clarification on how to Serialize the salt in Username token in Username Token Profile |
| Disposition | Clarified that Salt is serialized as xs:base64Binary - http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14286/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf |
| Issue # | 418 |
| Title | Clarification on iteration field in Username Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Clarification on iteration field in Username Token Profile |
| Disposition | Clarified that Iteration field is serialized as xs:unsignedInteger - http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14286/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf |
| Issue # | 419 |
| Title | Request for consistency on the usage of password field for cryptographic purposes in Username Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com |
| Resolution | No Fix Required |
| Description | Password fields used for cryptographic purposes have inconsistencies in Username Token Profile |
| Disposition | No Fix Required: http://lists.oasis-open.org/archives/wss/200509/msg00014.html |
| Issue # | 420 |
| Title | #ThumbprintSHA1 should be added to line 157 in X509 Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | #ThumbprintSHA1 should be added to the list of URI fragments used in X509 Token Profile |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf |
| Issue # | 421 |
| Title | Clarify certificate requirements in X509 Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Description implies that only certificates with signature-verification are allowed. |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf as certificates with signature-verification being minimal requirement. |
| Issue # | 422 |
| Title | Clarify URI for for X509 subject key identifier in X509 Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Clarify URI for for X509 subject key identifier in X509 Token Profile |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf to indicate the use of 1.0 URI. |
| Issue # | 423 |
| Title | ValueType URI should be changed in X509 Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Clarify URI for for X509 subject key identifier in X509 Token Profile |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf to indicate #ThumbprintSHA1 as opposed to #X509ThumbprintSHA1. |
| Issue # | 424 |
| Title | Fix example to reflect use of #ThumbprintSHA1 on X509 Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00012.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Given fix in issue 424 fix example |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14287/wss-v1.1-spec-draft-x509TokenProfile-01.pdf to indicate #ThumbprintSHA1 as opposed to #X509ThumbprintSHA1. |
| Issue # | 425 |
| Title | Comments on SAML Token Profile |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00014.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Editorial comments on SAML Token Profile. |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14295/wss-v1.1-spec-draft-SAMLTokenProfile-06.pdf |
| Issue # | 426 |
| Title | Request for clarification on Kerberos Token profile. |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00015.html from ales.pour@systinet.com |
| Resolution | Fixed |
| Description | Request clarification on the octet sequence. |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15124/oasis-wss-kerberos-token-profile-1.1.pdf |
| Issue # | 427 |
| Title | STRs outside of the Security header (Core) |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00014.html from concahill@aol.com |
| Resolution | Closed with no additional action. |
| Description | In case where the STR is outside of a security header, the text is unclear about how "containing element" specifies processing rules |
| Disposition | Closed with no action as other changes to core specification address this issue |
| Issue # | 428 |
| Title | Recursive Security Token Reference (Core) |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00018.html from concahill@aol.com |
| Resolution | Fixed |
| Description | Should address the concept of a token referencing another token reference |
| Disposition | Fixed. Changes present in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf |
| Issue # | 432 |
| Title | Further Comments on WSS 1.1 Core |
| Source | http://lists.oasis-open.org/archives/wss-comment/200508/msg00021.html from mgudgin@microsoft.com |
| Resolution | Fixed |
| Description | Multiple comments on WSS 1.1 core document. |
| Disposition | Issues fixed. Revisions available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf |
| Issue # | 433 |
| Title | Editorial comment on use of token type attribute in core |
| Source | http://lists.oasis-open.org/archives/wss-comment/200509/msg00011.html from Ronald.Monzillo@Sun.COM |
| Resolution | Fixed |
| Description | Replace instances of wsse:TokenType with wsse11:TokenType |
| Disposition | Issues fixed. Revisions available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf |
| Issue # | 434 |
| Title | Schema corrections in SAML token profile 1.1 draft-01 |
| Source | http://lists.oasis-open.org/archives/wss-comment/200509/msg00012.html from cantor2@osu.edu |
| Resolution | Fixed |
| Description | Minor errors in usage of KeyInfoConfirmationDataType would cause the SAML 2.0 assertion schema to not validate. |
| Disposition | Fixed in draft 7 of the SAML token profile. Revisions available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15144/wss-v1.1-spec-draft-SAMLTokenProfile-09.pdf |
| Issue # | 435 |
| Title | Public comment on X.509 Token Profile 1.1 |
| Source | http://lists.oasis-open.org/archives/wss-comment/200509/msg00016.html from mark.wahl@informed-control.com |
| Resolution | Duplicate |
| Description | "Thumbprint extension" definition is not clear |
| Disposition | Resolved as duplicate of Issue 431. This issue is fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15126/oasis-wss-x509-token-profile-1.1.pdf |
| Issue # | 436 |
| Title | Public comment on OASIS SOAP Message Security 1.1 (core) |
| Source | http://lists.oasis-open.org/archives/wss-comment/200509/msg00017.html from mark.wahl@informed-control.com |
| Resolution | Fixed |
| Description | Multiple editorial comments on soap message security core |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf |
| Issue # | 437 |
| Title | Public comment on Username Token Profile 1.1 |
| Source | http://lists.oasis-open.org/archives/wss-comment/200509/msg00018.html from mark.wahl@informed-control.com |
| Resolution | Fixed |
| Description | Multiple editorial comments on the username token profile 1.1 |
| Disposition | Fixed. Changes available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15182/wss-v1.1-spec-draft-UsernameTokenProfile-01.pdf |
| Issue # | 438 |
| Title | Public comment on SAML Token Profile 1.1 |
| Source | http://lists.oasis-open.org/archives/wss-comment/200509/msg00016.html from mark.wahl@informed-control.com |
| Resolution | Fixed |
| Description | Multiple editorial comments on SAML token profile 1.1 |
| Disposition | Fixed. Changes available in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15144/wss-v1.1-spec-draft-SAMLTokenProfile-09.pdf |
| Issue # | 439 |
| Title | Clarification on GSS wrapped Kerberos v5 AP_REQ |
| Source | http://lists.oasis-open.org/archives/wss/200509/msg00047.html from prateek.mishra@oracle.com |
| Resolution | Fixed |
| Description | Editorial comments on core |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14865/wss-v1.1-spec-draft-SOAPMessageSecurity-01.pdf |
| Issue # | 445 |
| Title | Public comment (core) |
| Source | http://lists.oasis-open.org/archives/wss-comment/200509/msg00029.html from peter.hendry@capeclear.com |
| Resolution | Fixed |
| Description | Some clarification from 1.0 errata are not included 1.1 specification |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14865/wss-v1.1-spec-draft-SOAPMessageSecurity-01.pdf |
| Issue # | 446 |
| Title | Need clarification on STR transform (core) |
| Source | http://lists.oasis-open.org/archives/wss-comment/200509/msg00030.html from peter.hendry@capeclear.com |
| Resolution | Fixed |
| Description | Request for clarification on the STR transform. |
| Disposition | Fixed in http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15127/oasis-wss-soap-message-security-1.1.pdf |
| Issue # | 450 |
| Title | XML Dsig schema reference (core) |
| Source | http://lists.oasis-open.org/archives/wss-comment/200510/msg00002.html from concahill@aol.com |
| Resolution | Fixed |
| Description | We should use the dated reference to the XML dsig specification rather than reference the latest version, so, it is clear which version has been validated with Soap message security. |
| Disposition | Fixed by removing the [XMLSIG] reference from core and schema file to change the undated reference to feb 2002 reference |
None