[plasma] Clarification of specifying WS-Trust tokens in the PLASMA authentication element

Ed Simon <Ed.Simon@titus.com> Wed, 24 October 2012 20:04 UTC

The "Plasma Service Trust Processing" document includes a fragment of an XML Schema describing the <eps:Authentication> element as such:

     <xs:element name="Authentication" type="eps:AuthenticationType"/>
     <xs:complexType name="AuthenticationType">
       <xs:choice maxOccurs="unbounded">
         <xs:element ref="saml:Assertion"/>
...
         <xs:element name="WS-Token">
           <xs:complexType>
             <xs:simpleContent>
               <xs:extension base="xs:hexBinary">
                 <xs:attribute name="tokenType" type="xs:anyURI"/>
               </xs:extension>
             </xs:simpleContent>
           </xs:complexType>
         </xs:element>
...

I presume, based on the text of the "Plasma Service Trust Processing" document, that the "WS-Token" is actually supposed to be the

/wst:RequestSecurityTokenResponse/wst:RequestedSecurityToken

described in <http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/ws-trust-1.4-errata01-complete.html>. Correct? If so, the XML Schema in the "Plasma Service Trust Processing" document needs to be adjusted to something like <xs:element ref="wst:RequestedSecurityToken">. Also, with respect to the "XML Nomenclature and Name Spaces" table, should we not be using this namespace

http://docs.oasis-open.org/ws-sx/ws-trust/200802

for WS-Trust 1.4?

Ed