IssuerSerial is also supported. It may be more performant to use IssuerSerial over having to set up a MessageDigest object, although the extra cost is probably dwarfed by the overall WS-Security performance cost.

Colm.

On Tue, Mar 11, 2014 at 3:52 PM, COURTAULT Francois <[email protected]> wrote:

> Hello Colm,
>
> Thanks a lot for the answer. So it means that CXF doesn't support IssuerSerial and EmbeddedToken: right? Any reason for that?
>
> Additional question: any reason to choose one vs the other (perf, ...) between Thumbprint and KeyIdentifier?
>
> Best Regards.
>
> *From:* Colm O hEigeartaigh [mailto:[email protected]]
> *Sent:* Tuesday, March 11, 2014 15:38
> *To:* COURTAULT Francois
> *Cc:* [email protected]
> *Subject:* Re: Blur between secpolicy 1.2 and X509 Token profile
>
> CXF supports referencing X.509 tokens via Thumbprint KeyIdentifier references. I don't know why a section on thumbprint references was removed from a draft version of the spec.
>
> Colm.
>
> On Tue, Mar 11, 2014 at 2:12 PM, COURTAULT Francois <[email protected]> wrote:
>
> Sorry to ask again but I haven't received any response yet ...
>
> Best Regards.
>
> -----Original Message-----
> From: COURTAULT Francois
> Sent: Monday, February 10, 2014 10:35
> To: '[email protected]'
> Cc: '[email protected]'
> Subject: RE: Blur between secpolicy 1.2 and X509 Token profile
>
> Hello guys,
>
> Any answer to my question?
>
> Best Regards.
>
> -----Original Message-----
> From: COURTAULT Francois
> Sent: Wednesday, February 5, 2014 12:22
> To: [email protected]
> Subject: Blur between secpolicy 1.2 and X509 Token profile
>
> Hello everyone,
>
> I am a little bit lost because in the security policy spec v1.2 (http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html), there are several ways to reference an X509Token (§5.4.3) which are allowed:
>
> * <sp:RequireKeyIdentifierReference ... /> ?
> * <sp:RequireIssuerSerialReference ... /> ?
> * <sp:RequireEmbeddedTokenReference ... /> ?
> * <sp:RequireThumbprintReference ... /> ?
>
> But in the X509 Certificate Token Profile 1.1 draft (https://www.oasis-open.org/committees/download.php/13383/wss-v1.1-spec-pr-x509TokenProfile-01.htm#_Toc105230346), the thumbprint reference is described (§3.2.4) whereas in the final specs either at http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-x509TokenProfile.pdf or at http://docs.oasis-open.org/wss-m/wss/v1.1.1/wss-x509TokenProfile-v1.1.1.html, this section has disappeared.
>
> Do you know any reason for that? Is the thumbprint reference still supported by the spec?
>
> Best Regards.
>
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
