[
https://issues.apache.org/jira/browse/CXF-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12976063#action_12976063
]
Glen Mazza commented on CXF-3224:
---------------------------------
What is your concern about having KeyType and KeySize always included -- is it
purely to reduce the size of the message being sent? Or because it's
meaningless (I'm unsure, but it appears so) when requesting a SAML token?

I think to clarify your request, should the TokenType be
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 or
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0, to
*not* provide the KeyType and KeySize field. Correct?

For other token types, the default KeyType is symmetric binding[1] if not
provided, but if we didn't specify the key type we would be dependent on the
STS providing the correct type. I'm not sure CXF would be robust enough if it
allowed itself to be dependent on the STS doing the right thing.

[1] http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064989

> WS-Trust: remove current wst:KeyType and wst:KeySize defaults
> -------------------------------------------------------------
>
> Key: CXF-3224
> URL: https://issues.apache.org/jira/browse/CXF-3224
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.3.1
> Reporter: Willem Salembier
>
> Currently the RST always contains a wst:KeyType and wst:KeySize field. The
> WS-Trust 1.3 specification says these tags are optional.
> We like CXF to render the following simple RST to ask for a SAML v1.1 token.
> <wst:RequestSecurityToken Context="abc"
>     xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:auth="http://schemas.xmlsoap.org/ws/2006/12/authorization"
>     xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>   <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>   <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>   <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2006/12/authorization/authclaims">
>     <auth:ClaimType Uri="urn:be:my_claim_attribute">
>       <auth:Value>1234</auth:Value>
>     </auth:ClaimType>
>   </wst:Claims>
> </wst:RequestSecurityToken>
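
The trade-off discussed in this comment, as an added example that is not CXF code and not written by either participant: a Python builder that emits wst:KeyType and wst:KeySize only when the caller sets them, and an audit function that reports whether the key type was chosen by the client or left to the STS. The function names and the `key_type_decided_by` field are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#"
SAML_TOKEN_TYPES = {SAML_PROFILE + "SAMLV1.1", SAML_PROFILE + "SAMLV2.0"}

ET.register_namespace("wst", WST)  # serialize with the wst: prefix used in the issue


def build_rst(token_type, key_type=None, key_size=None, context="abc"):
    """Build an Issue RST; KeyType/KeySize are emitted only when supplied."""
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken", {"Context": context})
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = token_type
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    if key_type is not None:
        ET.SubElement(rst, f"{{{WST}}}KeyType").text = key_type
    if key_size is not None:
        ET.SubElement(rst, f"{{{WST}}}KeySize").text = str(key_size)
    return ET.tostring(rst, encoding="unicode")


def audit_rst(rst_xml):
    """Report which optional key fields an outgoing RST carries.

    Intended for RSTs the client itself produced (trusted input).
    """
    root = ET.fromstring(rst_xml)

    def text(name):
        el = root.find(f"{{{WST}}}{name}")
        return el.text.strip() if el is not None and el.text else None

    token_type, key_type, key_size = text("TokenType"), text("KeyType"), text("KeySize")
    return {
        "token_type": token_type,
        "is_saml": token_type in SAML_TOKEN_TYPES,
        "key_type": key_type,
        "key_size": int(key_size) if key_size else None,
        # Without an explicit KeyType the client relies on whatever the STS picks.
        "key_type_decided_by": "client" if key_type else "sts",
    }
```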