Re: [plasma] Binary value encoding in AuthenticationTypeWSToken

"Jim Schaad" <> Thu, 28 June 2012 02:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6884611E81AC for <>; Wed, 27 Jun 2012 19:55:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id deeXYtBaUpjP for <>; Wed, 27 Jun 2012 19:55:06 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 3682C11E81AB for <>; Wed, 27 Jun 2012 19:55:06 -0700 (PDT)
Received: from Tobias ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 24D642C9BB; Wed, 27 Jun 2012 19:55:04 -0700 (PDT)
From: Jim Schaad <>
To: 'Dan Griffin' <>,
References: <>
In-Reply-To: <>
Date: Wed, 27 Jun 2012 19:53:44 -0700
Message-ID: <018501cd54d9$3dae6c50$b90b44f0$>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0186_01CD549E.9150F3E0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHyMd5/I3NLBHFDvMpYXySK4MLPh5bFTc8w
Content-Language: en-us
Subject: Re: [plasma] Binary value encoding in AuthenticationTypeWSToken
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Jun 2012 02:55:07 -0000

Please let me know what text is unclear in the document.


This is A correct type.  There is no ONE correct type of token to be
returned.  This is strictly a choice of the server.  The server can use an
XML based token, such as SAML or an ASN.1 based token, such as CMS or a
non-structured token, such as an index in a database.


There is no requirement in the document that the client understand the token
returned to the client.  In fact the requirement is just the opposite.  The
token is to be treated as an opaque blob by the client.  If data such as
lifetimes is to be returned they are returned as wst namespace attributes.





From: [] On Behalf Of
Dan Griffin
Sent: Wednesday, June 27, 2012 1:42 PM
Subject: [plasma] Binary value encoding in AuthenticationTypeWSToken


We're using AuthenticationTypeWSToken to transmit a SAML token - is that the
correct type?


If so, just wanted to clarify - the Value member of that type is a hex
binary string, which seems like an odd choice. Wouldn't XML make more sense?