cxf-issues mailing list archives

From "Glen Mazza (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-3224) WS-Trust: remove current wst:KeyType and wst:KeySize defaults
Date Thu, 30 Dec 2010 16:34:45 GMT

    [ https://issues.apache.org/jira/browse/CXF-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12976063#action_12976063 ]

Glen Mazza commented on CXF-3224:
---------------------------------

What is your concern about having KeyType and KeySize always included -- is it purely to reduce
the size of the message being sent?  Or because it's meaningless (I'm unsure, but it appears
so) when requesting a SAML token?

I think to clarify your request, should the TokenType be http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
or http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0, to *not* provide
the KeyType and KeySize field.  Correct?

For other token types, the default KeyType is symmetric binding[1] if not provided, but if
we didn't specify the key type we would be dependent on the STS providing the correct type.
 I'm not sure CXF would be robust enough if it allowed itself to be dependent on the STS doing
the right thing.  

[1]  http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064989


> WS-Trust: remove current wst:KeyType and wst:KeySize defaults
> -------------------------------------------------------------
>
>                 Key: CXF-3224
>                 URL: https://issues.apache.org/jira/browse/CXF-3224
>             Project: CXF
>          Issue Type: Improvement
>          Components: WS-* Components
>    Affects Versions: 2.3.1
>            Reporter: Willem Salembier
>
> Currently the RST always contains a wst:KeyType and wst:KeySize field. The WS-Trust 1.3 specification says these tags are optional.
> We would like CXF to render the following simple RST to ask for a SAML v1.1 token.
>  <wst:RequestSecurityToken Context="abc" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:auth="http://schemas.xmlsoap.org/ws/2006/12/authorization" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>          <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>          <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>          <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2006/12/authorization/authclaims">
>             <auth:ClaimType Uri="urn:be:my_claim_attribute">
>                <auth:Value>1234</auth:Value>
>             </auth:ClaimType>
>          </wst:Claims>
>       </wst:RequestSecurityToken>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
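
An added example, not part of the original message or of CXF's code: a small Python check that reports whether an RST states wst:KeyType and wst:KeySize itself or leaves them to the STS, which is the trade-off raised in the comment above. The function name `audit_rst`, the two sample requests and the key size of 256 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV"

# Constructed sample: the RST quoted in the issue, with the Claims element left out.
RST_MINIMAL = f"""<wst:RequestSecurityToken Context="abc" xmlns:wst="{WST}">
  <wst:TokenType>{SAML}1.1</wst:TokenType>
  <wst:RequestType>{WST}/Issue</wst:RequestType>
</wst:RequestSecurityToken>"""

# Constructed sample: the same request with the key parameters pinned by the client.
RST_PINNED = RST_MINIMAL.replace(
    "</wst:RequestSecurityToken>",
    f"  <wst:KeyType>{WST}/SymmetricKey</wst:KeyType>\n"
    "  <wst:KeySize>256</wst:KeySize>\n</wst:RequestSecurityToken>")


def audit_rst(xml_text):
    """Report which key parameters an RST states and which it leaves to the STS."""
    # The samples here are trusted; parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{WST}}}RequestSecurityToken":
        raise ValueError("not a WS-Trust 1.3 RequestSecurityToken")

    def child_text(name):
        el = root.find(f"{{{WST}}}{name}")
        return el.text.strip() if el is not None and el.text else None

    token_type = child_text("TokenType")
    report = {
        "token_type": token_type,
        "is_saml": bool(token_type) and token_type.startswith(SAML),
        "key_type": child_text("KeyType"),
        "key_size": child_text("KeySize"),
    }
    # Anything missing here is decided by the STS, so the client has to check
    # the issued token rather than assume the key type and size it wanted.
    report["left_to_sts"] = [k for k in ("key_type", "key_size") if report[k] is None]
    return report


if __name__ == "__main__":
    for label, rst in (("minimal", RST_MINIMAL), ("pinned", RST_PINNED)):
        print(label, audit_rst(rst))
```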

