Yup good catch, I'll reopen the JIRA to remove this patch for 1.5.6.
Colm. ________________________________ From: Andro Maque [mailto:[email protected]] Sent: 30 January 2009 07:15 To: [email protected] Subject: Compliance WSS 1.1 (WSS-105) Hello: On 2008/02/09, Mayank Mishra reported a compliance problem with WSS 1.1 specifications regarding the valueType attribute of the KeyIdentifier element (see http://marc.info/?l=wss4j-dev&m=120428958115637&w=2#2). I'm reviewing the current specification and I find no mention to "x509v1" as a valid valueType for a Binary Security Token. I guess that it was specified as valid while the bug was reported; since then, an errata was published correcting this feature. It seems that "x509v1" is no longer a valid valueType in a security token. Affected versions: 1.5.4 & 1.5.5 See: http://www.oasis-open.org/specs/#wssv1.1 and the 3 documents: * X.509 Token Profile 1.1 <http://www.oasis-open.org/committees/download.php/16785/wss-v1.1-spec-o s-x509TokenProfile.pdf> * X.509 Token Profile 1.1 Errata (only) <http://docs.oasis-open.org/wss/v1.1/wss-v1.1-errata-os-x509TokenProfile .pdf> * X.509 Token Profile 1.1 Errata (merged) <http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-x509TokenPr ofile.pdf> Regards. Andro. ________________________________ See all the ways you can stay connected to friends and family <http://www.microsoft.com/windows/windowslive/default.aspx>
