12
3WebServicesSecurity:4SOAPMessageSecurity1.15(WS-Security2004)
6OASISApprovedErrata,01November2006
7OASISidentifier:
8 wss-v1.1-errata-os-SOAPMessageSecurity 9Location: 10 /wss/v1.1/ 11TechnicalCommittee: 12 WebServiceSecurity(WSS) 13Chairs: 14 KelvinLawrence,IBM 15 ChrisKaler,Microsoft 16Editors: 17 AnthonyNadalin,IBM 18Abstract: 19 ThisspecificationdescribesenhancementstoSOAPmessagingtoprovidemessage 20 integrityandconfidentiality.Thespecifiedmechanismscanbeusedtomodatea 21 widevarietyofsecuritymodelsandencryptiontechnologies. 22 23 Thisspecificationalsoprovidesageneral-purposemechanismforassociatingsecurity 24 tokenswithmessagecontent.Nospecifictypeofsecuritytokenisrequired,the 25 specificationisdesignedtobeextensible(i.e..supportmultiplesecuritytokenformats). 26 Forexample,aclientmightprovideoneformatforproofofidentityandprovideanother 27 formatforproofthattheyhaveaparticularbusinesscertification. 28 29 Additionally,thisspecificationdescribeshowtoencodebinarysecuritytokens,a 30 frameworkforXML-basedtokens,andhowtoincludeopaqueencryptedkeys.Italso 31 includesextensibilitymechanismsthatcanbeusedtofurtherdescribethecharacteristics 32 ofthetokensthatareincludedwithamessage. 33Status: 34 ThisisanOASISDraftlistingerratafortheOASISStandardproducedbytheWeb 35 ServicesSecurityTechnicalCommittee.ThestandardwasapprovedbytheOASIS 36 membershipon1February2006. wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page1of13 37 38 TechnicalCommitteemembersshouldmentsonthisspecificationtothe 39 technicalCommittee’semaillist.OthersshouldmentstotheTechnical 40 Committeebyusingthe“SendAComment”buttonontheTechnicalCommittee’sweb 41 pageatmittees/wss. 42 43 Forpatentdisclosureinformationthatmaybeessentialtotheimplementationofthis 44 specification,andanyoffersoflicensingterms,refertotheIntellectualPropertyRights 45 sectionoftheOASISWebServicesSecurityTechnicalCommittee(WSSTC)webpage 46 atmittees/wss/ipr.php.GeneralOASISIPRinformation 47 canbefoundat. wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page2of13 48 49Notices 50OASIStakesnopositionregardingthevalidityorscopeofanyintellectualpropertyorotherrights51thatmightbeclaimedtopertaintotheimplementationoruseofthetechnologydescribedinthis52documentortheextenttowhichanylicenseundersuchrightsmightormightnotbevailable;53neitherdoesitrepresentthatithasmadeanyefforttoidentifyanysuchrights.Informationon54OASIS'sprocedureswithrespecttorightsinOASISspecificationscanbefoundattheOASIS55website.Copiesofclaimsofrightsmadeavailableforpublicationandanyassurancesoflicenses56tobemadeavailable,ortheresultofanattemptmadetoobtainagenerallicenseorpermission57fortheuseofsuchproprietaryrightsbyimplementorsorusersofthisspecification,canbe58obtainedfromtheOASISExecutiveDirector.OASISinvitesanyinterestedpartytobringtoits59attentionanycopyrights,patentsorpatentapplications,orotherproprietaryrightswhichmay60covertechnologythatmayberequiredtoimplementthisspecification.Pleaseaddressthe61informationtotheOASISExecutiveDirector.6263Copyright(C)OASISOpen2002-2006.AllRightsReserved.6465Thisdocumentandtranslationsofitmaybecopiedandfurnishedtoothers,andderivativeworks66mentonorotherwiseexplainitorassistinitsimplementationmaybeprepared,copied,67publishedanddistributed,inwholeorinpart,withoutrestrictionofanykind,providedthatthe68abovecopyrightnoticeandthisparagraphareincludedonallsuchcopiesandderivativeworks.69However,thisdocumentitselfmaynotbemodifiedinanyway,suchasbyremovingthecopyright70noticeorreferencestoOASIS,exceptasneededforthepurposeofdevelopingOASIS71specifications,inwhichcasetheproceduresforcopyrightsdefinedintheOASISIntellectual72PropertyRightsdocumentmustbefollowed,orasrequiredtotranslateitintolanguagesother73thanEnglish.7475ThelimitedpermissionsgrantedaboveareperpetualandwillnotberevokedbyOASISorits76essorsorassigns.7778Thisdocumentandtheinformationcontainedhereinisprovidedonan"ASIS"basisandOASIS79DISCLAIMSALLWARRANTIES,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTO80ANYWARRANTYTHATTHEUSEOFTHEINFORMATIONHEREINWILLNOTINFRINGE81ANYRIGHTSORANYIMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORA82PARTICULARPURPOSE.8384OASIShasbeennotifiedofintellectualpropertyrightsclaimedinregardtosomeorallofthe85contentsofthisspecification.Formoreinformationconsulttheonlinelistofclaimedrights.86 87Thissectionisnon-normative. wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page3of13 88TableofContents 891IssuesAddressed
5 902Typographical/EditorialErrors
6 91 2.1Section7.2DirectReferences
6 92 2.2Section7.3KeyIdentifiers
6 93 2.3Section8.6Example
6 94 2.4Section9.4.4
6 95 2.5Section11ExtendedExample
6 963Normative
7 97 3.1Section8.3SigningTokens
7 98 3.2Section7.3KeyIdentifiers
7 994
8 100AppendixA:AcknowledgementselementSHALLisplacedinthe116to117TheelementSHALLbeplacedinthe
1182.3Section8.6Example
119Changedline1514from:120…#X509v3121to122/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
1232.4Section9.4.4
124Changedline1776from:125thenprocessaspersection9.5.2Decryptionand126to127thenprocessaspersection9.4.2Decryptionand128129Changedline1770from:130Decryptthecontentsoftheelementaspersection9.5.2131to132Decryptthecontentsoftheelementaspersection9.4.2
1332.5Section11ExtendedExample
134Changedline1916from:135…#X509v3136to137/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3138139Changedline1929from:140…#X509v3141to142/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
wss-v1.1-errata-os-SOAPMessageSecurity
Copyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page6of13 1433NormativeErrors 1443.1Section8.3SigningTokens 145Removedthe#x509v3tableentryatline1399andthenchangetheexampleinsamedocument146atlines1514,1915and1927to/wss/2004/01/oasis-200401-wss-x509147token-profile-1.0#X509v3. 1483.2Section7.3KeyIdentifiers 149Changedtableentryonline1014from /wss/oasiswss-soap-messagesecurity1.1#ThumbPrintSHA1 IfthesecuritytokentypethattheSecurityTokenReferencereferstoalreadycontainsarepresentationforthethumbprint,thevalueobtainedfromthetokenMAYbeused.Ifthetokendoesnotcontainarepresentationofathumbprint,thenthevalueoftheKeyIdentifierMUSTbetheSHA1oftherawoctetswhichwouldbeencodedwithinthesecuritytokenelementwereittobeincluded.AthumbprintreferenceMUSTurbinationwitharequiredtobesupported(bytheapplicableprofile)referenceformunlessathumbprintreferenceisamongthereferenceformsrequiredtobesupportedbytheapplicableprofile,orthepartiestomunicationhaveagreedtoeptthumbprintonlyreferences. 150to /wss/oasiswss-soap-messagesecurity1.1#ThumbprintSHA1 IfthesecuritytokentypethattheSecurityTokenReferencereferstoalreadycontainsarepresentationforthethumbprint,thevalueobtainedfromthetokenMAYbeused.Ifthetokendoesnotcontainarepresentationofathumbprint,thenthevalueoftheKeyIdentifierMUSTbetheSHA1oftherawoctetswhichwouldbeencodedwithinthesecuritytokenelementwereittobeincluded.AthumbprintreferenceMUSTurbinationwitharequiredtobesupported(bytheapplicableprofile)referenceformunlessathumbprintreferenceisamongthereferenceformsrequiredtobesupportedbytheapplicableprofile,orthepartiestomunicationhaveagreedtoeptthumbprintonlyreferences. 151 wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page7of13 1524References 153 [GLOSS] InformationalRFC2828,"SecurityGlossary,"May2000. 154 [KERBEROS]
J.KohlandC.Neuman,"TheKerberosNetworkAuthenticationService 155 (V5),"RFC1510,September1993,/rfc/rfc1510.txt. 156 [KEYWORDS]
S.Bradner,"KeywordsforuseinRFCstoIndicateRequirementLevels," 157 RFC2119,HarvardUniversity,March1997. 158 [SHA-1] 159 160 FIPSPUB180-
1.SecureHashStandard.U.S.DepartmentofCommerce/NationalInstituteofStandardsandTechnology.http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt 161 [SOAP11] W3CNote,"SOAP:SimpleObjectessProtocol1.1,"08May2000. 162 [SOAP12] 163 W3Cmendation,"SOAPVersion1.2Part1:MessagingFramework",23June2003. 164 [SOAPSEC] W3CNote,"SOAPSecurityExtensions:DigitalSignature,"06February 165 2001. 166 [URI] 167 168
T.Berners-Lee,
R.Fielding,
L.Masinter,"UniformResourceIdentifiers(URI):GenericSyntax,"RFC3986,MIT/LCS,DaySoftware,AdobeSystems,January2005. 169 [XPATH] W3Cmendation,"XMLPathLanguage",16November1999 170 171 Thefollowingarenon-normativereferencesincludedforbackgroundandrelatedmaterial: 172 [WS-SECURITY]"WebServicesSecurityLanguage",IBM,Microsoft,VeriSign,April2002. 173 "WS-SecurityAddendum",IBM,Microsoft,VeriSign,August2002. 174 "WS-SecurityXMLTokens",IBM,Microsoft,VeriSign,August2002. 175 [XMLC14N] W3Cmendation,"CanonicalXMLVersion1.0,"15March2001. 176 [EXCC14N] W3Cmendation,"ExclusiveXMLCanonicalizationVersion1.0,"
8 177 July2002. 178 [XMLENC] 179 W3CWorkingDraft,"XMLEncryptionSyntaxandProcessing,"04March2002. 180 W3Cmendation,“DecryptionTransformforXMLSignature”,10December2002. 181 [XML-ns] W3Cmendation,"NamespacesinXML,"14January1999. 182 [XMLSCHEMA]W3Cmendation,"XMLSchemaPart1:Structures,"2May2001. 183 W3Cmendation,"XMLSchemaPart2:Datatypes,"2May2001. 184 [XMLSIG] 185 186
D.Eastlake,
J.R.,
D.Solo,
M.Bartel,
J.Boyer,
B.Fox,
E.Simon.XMLSignatureSyntaxandProcessing,W3Cmendation,12February2002. 187 [X509] 188 189 190
S.Santesson,etal,"X.509PublicKeyInfrastructureQualifiedCertificatesProfile,"mendation.asp?
type=items&lang=e&parent=T-REC-X.509-200003-
I 191 [WSS-SAML] OASISWorkingDraft06,"WebServicesSecuritySAMLTokenProfile", 192 21February2003 wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page8of13 193 [WSS-XrML] OASISWorkingDraft03,"WebServicesSecurityXrMLTokenProfile", 194 30January2003 195 [WSS-X509] OASIS,“WebServicesSecurityX.509CertificateTokenProfile”,19 196 January2004,/wss/2004/01/oasis- 197 200401-wss-x509-token-profile-1.0 198 [WSSKERBEROS]OASISWorkingDraft03,"WebServicesSecurityKerberosProfile",30 199 January2003 200 [WSSUSERNAME]OASIS,”WebServicesSecurityUsernameTokenProfile”19January 201 2004,/wss/2004/01/oasis-200401-wss- 202 username-token-profile-1.0 203 [WSS-XCBF] OASISWorkingDraft1.1,"WebServicesSecurityXCBFTokenProfile", 204 30March2003 205 [XMLID] W3Cmmendation,“xml:idVersion1.0”,9September2005. 206 [XPOINTER] "XMLPointerLanguage(XPointer)Version1.0,Candidate 207 mendation",DeRose,Maler,Daniel,11September2001. wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page9of13 208AppendixA:Acknowledgements 209CurrentContributors:MichaelManeeshDuaneGeneFrankHalDenisCorinnaSteveRichThomasMerlinDaleRichSamDanaS.ToshihiroKefengIrvingKojiroPaulaDerekMaryannKelvinMichaelAnthonyNatarajBruceRonDonKatePaulVijayMartinChrisFrederickAbbiePrateekVamsiRamanaBenRobBlakeSundeepCoumaraPeteManveenRonald HuSahuNickullThurstonSiebenlistLockhartPilipchukWittAndersonLevinsonDeMartiniHughesMobergSalzWeiKaufmanNishimuraChenReidNakayamaAustelFuHondoLawrenceMcIntoshNadalinNagaratnamRichWilliamsFlinnCherryCottonGajjalaGudginKalerHirschBarbirMishraMotukuruTurlapiHammondPhilpottDournaeePeechuRadjaWenzelKaurMonzillo ActionalActionalAdobeSystemsAmberPointArgonneNationalLaboratoryBEASystemsBEASystemsBEASystemsBMCSoftwareComputerAssociatesContentGuardCybertrustCycloneCommerceDatapowerEMCForumSystemsFujitsuGeoTrustHewlett-PackardHitachiIBMIBMIBMIBMIBMIBMIBMIBMIBMIndividualLockheedMartinMicrosoftMicrosoftMicrosoftMicrosoftNokiaNortelOracleOracleOracleRSASecurityRSASecuritySarvegaSarvegaSarvegaSeeBeyondSunMicrosystemsSunMicrosystems wss-v1.1-errata-os-SOAPMessageSecurity 01November2006 Copyright©OASISOpen2002-2006.AllRightsReserved.13 Page10of JanSymonJohnHansPhillipHemma AlexanderChangWeilandGranqvistHallam-BakerPrafullchandra TIBCOSoftwareUSNavyVeriSignVeriSignVeriSign 210PreviousContributors:PeterGuillermoTJXinShawnGaneshTimCarolina TomYutakaJasonBobJoelSatoshiHiroshiDavidKentWaynePhilMarkJohnPeterDavanumBobBobKeithAllenGiovanniAlanJohannesScottChrisBrianPaulJohnJohnDanHerveyJeffSenthilLloydEdCharlesVipinJerry DapkusLaoPannuWangSharpVaideeswaranMosesCanalesValenzuelaRuttKudoRouaultBlakleyFarrellHadaMaruyamaMelgarTamuraVicknairGriffinHayesHughesRostinSrinivasanAtkinsonBallingerBrownDella-LiberaGellerKleinKonersmannKurthiaLeachManferdelliShewchukSimonWilsonHodgesSengodanBurchReedKnouseSamarSchwarz BEAContentGuardContentGuardContentGuardCycloneCommerceDocumentumEntrustEricsson FujitsuHitachiHPIBMIBMIBMIBMIBMIBMIBMIndividualIndividualIndividualIndividualIndividualIndividual/2MicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftNeustarNokiaNovellNovellOblixOracleOracle wss-v1.1-errata-os-SOAPMessageSecurity 01November2006 Copyright©OASISOpen2002-2006.AllRightsReserved.13 Page11of Eric Gravengaard Reactivity Andrew Nash Reactivity Stuart King ReedElsevier Martijn deBoer SAP Jonathan Tourzan Sony Yassir Elley Sun Michael Nguyen TheIDAofSingapore Don Adams TIBCO Morten ensen Vordel 211 wss-v1.1-errata-os-SOAPMessageSecurity Copyright
©OASISOpen2002-2006.AllRightsReserved.13 01November2006Page12of 212AppendixB:RevisionHistory Rev Date ByWhom 01 08-25-2006 AnthonyNadalin 213 214Thissectionisnon-normative. WhatIssue455,459,463 wss-v1.1-errata-os-SOAPMessageSecurity Copyright©OASISOpen2002-2006.AllRightsReserved.13 01November2006Page13of
8 wss-v1.1-errata-os-SOAPMessageSecurity 9Location: 10 /wss/v1.1/ 11TechnicalCommittee: 12 WebServiceSecurity(WSS) 13Chairs: 14 KelvinLawrence,IBM 15 ChrisKaler,Microsoft 16Editors: 17 AnthonyNadalin,IBM 18Abstract: 19 ThisspecificationdescribesenhancementstoSOAPmessagingtoprovidemessage 20 integrityandconfidentiality.Thespecifiedmechanismscanbeusedtomodatea 21 widevarietyofsecuritymodelsandencryptiontechnologies. 22 23 Thisspecificationalsoprovidesageneral-purposemechanismforassociatingsecurity 24 tokenswithmessagecontent.Nospecifictypeofsecuritytokenisrequired,the 25 specificationisdesignedtobeextensible(i.e..supportmultiplesecuritytokenformats). 26 Forexample,aclientmightprovideoneformatforproofofidentityandprovideanother 27 formatforproofthattheyhaveaparticularbusinesscertification. 28 29 Additionally,thisspecificationdescribeshowtoencodebinarysecuritytokens,a 30 frameworkforXML-basedtokens,andhowtoincludeopaqueencryptedkeys.Italso 31 includesextensibilitymechanismsthatcanbeusedtofurtherdescribethecharacteristics 32 ofthetokensthatareincludedwithamessage. 33Status: 34 ThisisanOASISDraftlistingerratafortheOASISStandardproducedbytheWeb 35 ServicesSecurityTechnicalCommittee.ThestandardwasapprovedbytheOASIS 36 membershipon1February2006. wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page1of13 37 38 TechnicalCommitteemembersshouldmentsonthisspecificationtothe 39 technicalCommittee’semaillist.OthersshouldmentstotheTechnical 40 Committeebyusingthe“SendAComment”buttonontheTechnicalCommittee’sweb 41 pageatmittees/wss. 42 43 Forpatentdisclosureinformationthatmaybeessentialtotheimplementationofthis 44 specification,andanyoffersoflicensingterms,refertotheIntellectualPropertyRights 45 sectionoftheOASISWebServicesSecurityTechnicalCommittee(WSSTC)webpage 46 atmittees/wss/ipr.php.GeneralOASISIPRinformation 47 canbefoundat. wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page2of13 48 49Notices 50OASIStakesnopositionregardingthevalidityorscopeofanyintellectualpropertyorotherrights51thatmightbeclaimedtopertaintotheimplementationoruseofthetechnologydescribedinthis52documentortheextenttowhichanylicenseundersuchrightsmightormightnotbevailable;53neitherdoesitrepresentthatithasmadeanyefforttoidentifyanysuchrights.Informationon54OASIS'sprocedureswithrespecttorightsinOASISspecificationscanbefoundattheOASIS55website.Copiesofclaimsofrightsmadeavailableforpublicationandanyassurancesoflicenses56tobemadeavailable,ortheresultofanattemptmadetoobtainagenerallicenseorpermission57fortheuseofsuchproprietaryrightsbyimplementorsorusersofthisspecification,canbe58obtainedfromtheOASISExecutiveDirector.OASISinvitesanyinterestedpartytobringtoits59attentionanycopyrights,patentsorpatentapplications,orotherproprietaryrightswhichmay60covertechnologythatmayberequiredtoimplementthisspecification.Pleaseaddressthe61informationtotheOASISExecutiveDirector.6263Copyright(C)OASISOpen2002-2006.AllRightsReserved.6465Thisdocumentandtranslationsofitmaybecopiedandfurnishedtoothers,andderivativeworks66mentonorotherwiseexplainitorassistinitsimplementationmaybeprepared,copied,67publishedanddistributed,inwholeorinpart,withoutrestrictionofanykind,providedthatthe68abovecopyrightnoticeandthisparagraphareincludedonallsuchcopiesandderivativeworks.69However,thisdocumentitselfmaynotbemodifiedinanyway,suchasbyremovingthecopyright70noticeorreferencestoOASIS,exceptasneededforthepurposeofdevelopingOASIS71specifications,inwhichcasetheproceduresforcopyrightsdefinedintheOASISIntellectual72PropertyRightsdocumentmustbefollowed,orasrequiredtotranslateitintolanguagesother73thanEnglish.7475ThelimitedpermissionsgrantedaboveareperpetualandwillnotberevokedbyOASISorits76essorsorassigns.7778Thisdocumentandtheinformationcontainedhereinisprovidedonan"ASIS"basisandOASIS79DISCLAIMSALLWARRANTIES,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTO80ANYWARRANTYTHATTHEUSEOFTHEINFORMATIONHEREINWILLNOTINFRINGE81ANYRIGHTSORANYIMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORA82PARTICULARPURPOSE.8384OASIShasbeennotifiedofintellectualpropertyrightsclaimedinregardtosomeorallofthe85contentsofthisspecification.Formoreinformationconsulttheonlinelistofclaimedrights.86 87Thissectionisnon-normative. wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page3of13 88TableofContents 891IssuesAddressed
...................................................................................................................
5 902Typographical/EditorialErrors
................................................................................................
6 91 2.1Section7.2DirectReferences
.............................................................................................
6 92 2.2Section7.3KeyIdentifiers
....................................................................................................
6 93 2.3Section8.6Example
.............................................................................................................
6 94 2.4Section9.4.4
.........................................................................................................................
6 95 2.5Section11ExtendedExample
..............................................................................................
6 963Normative
Errors.....................................................................................................................
7 97 3.1Section8.3SigningTokens
..................................................................................................
7 98 3.2Section7.3KeyIdentifiers
....................................................................................................
7 994
References..............................................................................................................................
8 100AppendixA:Acknowledgements
...................................................................................................
10 101AppendixB:RevisionHistory........................................................................................................
13 102 wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page4of13 1031IssuesAddressed 104ThefollowingissuesrelatedtotheWebWebServicesSecurity:SOAPMessageSecurity1.1 105(WS-Security2004)listedintheWebServicesCommitteeIssuesList[WSS-Issues]havebeen 106addressedinthisdocument: 107 Issue Description 455 Removethe#x509v3tableentry 459 FixTypographicalErrors 463 FixTypographicalErrors 108 wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page5of13 1092Typographical/EditorialErrors 1102.1Section7.2DirectReferences 111Addedbracketstoelementnameswsse:SecurityTokenReference,wsse:Embedded112Copyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page6of13 1433NormativeErrors 1443.1Section8.3SigningTokens 145Removedthe#x509v3tableentryatline1399andthenchangetheexampleinsamedocument146atlines1514,1915and1927to/wss/2004/01/oasis-200401-wss-x509147token-profile-1.0#X509v3. 1483.2Section7.3KeyIdentifiers 149Changedtableentryonline1014from /wss/oasiswss-soap-messagesecurity1.1#ThumbPrintSHA1 IfthesecuritytokentypethattheSecurityTokenReferencereferstoalreadycontainsarepresentationforthethumbprint,thevalueobtainedfromthetokenMAYbeused.Ifthetokendoesnotcontainarepresentationofathumbprint,thenthevalueoftheKeyIdentifierMUSTbetheSHA1oftherawoctetswhichwouldbeencodedwithinthesecuritytokenelementwereittobeincluded.AthumbprintreferenceMUSTurbinationwitharequiredtobesupported(bytheapplicableprofile)referenceformunlessathumbprintreferenceisamongthereferenceformsrequiredtobesupportedbytheapplicableprofile,orthepartiestomunicationhaveagreedtoeptthumbprintonlyreferences. 150to /wss/oasiswss-soap-messagesecurity1.1#ThumbprintSHA1 IfthesecuritytokentypethattheSecurityTokenReferencereferstoalreadycontainsarepresentationforthethumbprint,thevalueobtainedfromthetokenMAYbeused.Ifthetokendoesnotcontainarepresentationofathumbprint,thenthevalueoftheKeyIdentifierMUSTbetheSHA1oftherawoctetswhichwouldbeencodedwithinthesecuritytokenelementwereittobeincluded.AthumbprintreferenceMUSTurbinationwitharequiredtobesupported(bytheapplicableprofile)referenceformunlessathumbprintreferenceisamongthereferenceformsrequiredtobesupportedbytheapplicableprofile,orthepartiestomunicationhaveagreedtoeptthumbprintonlyreferences. 151 wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page7of13 1524References 153 [GLOSS] InformationalRFC2828,"SecurityGlossary,"May2000. 154 [KERBEROS]
J.KohlandC.Neuman,"TheKerberosNetworkAuthenticationService 155 (V5),"RFC1510,September1993,/rfc/rfc1510.txt. 156 [KEYWORDS]
S.Bradner,"KeywordsforuseinRFCstoIndicateRequirementLevels," 157 RFC2119,HarvardUniversity,March1997. 158 [SHA-1] 159 160 FIPSPUB180-
1.SecureHashStandard.U.S.DepartmentofCommerce/NationalInstituteofStandardsandTechnology.http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt 161 [SOAP11] W3CNote,"SOAP:SimpleObjectessProtocol1.1,"08May2000. 162 [SOAP12] 163 W3Cmendation,"SOAPVersion1.2Part1:MessagingFramework",23June2003. 164 [SOAPSEC] W3CNote,"SOAPSecurityExtensions:DigitalSignature,"06February 165 2001. 166 [URI] 167 168
T.Berners-Lee,
R.Fielding,
L.Masinter,"UniformResourceIdentifiers(URI):GenericSyntax,"RFC3986,MIT/LCS,DaySoftware,AdobeSystems,January2005. 169 [XPATH] W3Cmendation,"XMLPathLanguage",16November1999 170 171 Thefollowingarenon-normativereferencesincludedforbackgroundandrelatedmaterial: 172 [WS-SECURITY]"WebServicesSecurityLanguage",IBM,Microsoft,VeriSign,April2002. 173 "WS-SecurityAddendum",IBM,Microsoft,VeriSign,August2002. 174 "WS-SecurityXMLTokens",IBM,Microsoft,VeriSign,August2002. 175 [XMLC14N] W3Cmendation,"CanonicalXMLVersion1.0,"15March2001. 176 [EXCC14N] W3Cmendation,"ExclusiveXMLCanonicalizationVersion1.0,"
8 177 July2002. 178 [XMLENC] 179 W3CWorkingDraft,"XMLEncryptionSyntaxandProcessing,"04March2002. 180 W3Cmendation,“DecryptionTransformforXMLSignature”,10December2002. 181 [XML-ns] W3Cmendation,"NamespacesinXML,"14January1999. 182 [XMLSCHEMA]W3Cmendation,"XMLSchemaPart1:Structures,"2May2001. 183 W3Cmendation,"XMLSchemaPart2:Datatypes,"2May2001. 184 [XMLSIG] 185 186
D.Eastlake,
J.R.,
D.Solo,
M.Bartel,
J.Boyer,
B.Fox,
E.Simon.XMLSignatureSyntaxandProcessing,W3Cmendation,12February2002. 187 [X509] 188 189 190
S.Santesson,etal,"X.509PublicKeyInfrastructureQualifiedCertificatesProfile,"mendation.asp?
type=items&lang=e&parent=T-REC-X.509-200003-
I 191 [WSS-SAML] OASISWorkingDraft06,"WebServicesSecuritySAMLTokenProfile", 192 21February2003 wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page8of13 193 [WSS-XrML] OASISWorkingDraft03,"WebServicesSecurityXrMLTokenProfile", 194 30January2003 195 [WSS-X509] OASIS,“WebServicesSecurityX.509CertificateTokenProfile”,19 196 January2004,/wss/2004/01/oasis- 197 200401-wss-x509-token-profile-1.0 198 [WSSKERBEROS]OASISWorkingDraft03,"WebServicesSecurityKerberosProfile",30 199 January2003 200 [WSSUSERNAME]OASIS,”WebServicesSecurityUsernameTokenProfile”19January 201 2004,/wss/2004/01/oasis-200401-wss- 202 username-token-profile-1.0 203 [WSS-XCBF] OASISWorkingDraft1.1,"WebServicesSecurityXCBFTokenProfile", 204 30March2003 205 [XMLID] W3Cmmendation,“xml:idVersion1.0”,9September2005. 206 [XPOINTER] "XMLPointerLanguage(XPointer)Version1.0,Candidate 207 mendation",DeRose,Maler,Daniel,11September2001. wss-v1.1-errata-os-SOAPMessageSecurityCopyright©OASISOpen2002-2006.AllRightsReserved. 01November2006Page9of13 208AppendixA:Acknowledgements 209CurrentContributors:MichaelManeeshDuaneGeneFrankHalDenisCorinnaSteveRichThomasMerlinDaleRichSamDanaS.ToshihiroKefengIrvingKojiroPaulaDerekMaryannKelvinMichaelAnthonyNatarajBruceRonDonKatePaulVijayMartinChrisFrederickAbbiePrateekVamsiRamanaBenRobBlakeSundeepCoumaraPeteManveenRonald HuSahuNickullThurstonSiebenlistLockhartPilipchukWittAndersonLevinsonDeMartiniHughesMobergSalzWeiKaufmanNishimuraChenReidNakayamaAustelFuHondoLawrenceMcIntoshNadalinNagaratnamRichWilliamsFlinnCherryCottonGajjalaGudginKalerHirschBarbirMishraMotukuruTurlapiHammondPhilpottDournaeePeechuRadjaWenzelKaurMonzillo ActionalActionalAdobeSystemsAmberPointArgonneNationalLaboratoryBEASystemsBEASystemsBEASystemsBMCSoftwareComputerAssociatesContentGuardCybertrustCycloneCommerceDatapowerEMCForumSystemsFujitsuGeoTrustHewlett-PackardHitachiIBMIBMIBMIBMIBMIBMIBMIBMIBMIndividualLockheedMartinMicrosoftMicrosoftMicrosoftMicrosoftNokiaNortelOracleOracleOracleRSASecurityRSASecuritySarvegaSarvegaSarvegaSeeBeyondSunMicrosystemsSunMicrosystems wss-v1.1-errata-os-SOAPMessageSecurity 01November2006 Copyright©OASISOpen2002-2006.AllRightsReserved.13 Page10of JanSymonJohnHansPhillipHemma AlexanderChangWeilandGranqvistHallam-BakerPrafullchandra TIBCOSoftwareUSNavyVeriSignVeriSignVeriSign 210PreviousContributors:PeterGuillermoTJXinShawnGaneshTimCarolina TomYutakaJasonBobJoelSatoshiHiroshiDavidKentWaynePhilMarkJohnPeterDavanumBobBobKeithAllenGiovanniAlanJohannesScottChrisBrianPaulJohnJohnDanHerveyJeffSenthilLloydEdCharlesVipinJerry DapkusLaoPannuWangSharpVaideeswaranMosesCanalesValenzuelaRuttKudoRouaultBlakleyFarrellHadaMaruyamaMelgarTamuraVicknairGriffinHayesHughesRostinSrinivasanAtkinsonBallingerBrownDella-LiberaGellerKleinKonersmannKurthiaLeachManferdelliShewchukSimonWilsonHodgesSengodanBurchReedKnouseSamarSchwarz BEAContentGuardContentGuardContentGuardCycloneCommerceDocumentumEntrustEricsson FujitsuHitachiHPIBMIBMIBMIBMIBMIBMIBMIndividualIndividualIndividualIndividualIndividualIndividual/2MicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftMicrosoftNeustarNokiaNovellNovellOblixOracleOracle wss-v1.1-errata-os-SOAPMessageSecurity 01November2006 Copyright©OASISOpen2002-2006.AllRightsReserved.13 Page11of Eric Gravengaard Reactivity Andrew Nash Reactivity Stuart King ReedElsevier Martijn deBoer SAP Jonathan Tourzan Sony Yassir Elley Sun Michael Nguyen TheIDAofSingapore Don Adams TIBCO Morten ensen Vordel 211 wss-v1.1-errata-os-SOAPMessageSecurity Copyright
©OASISOpen2002-2006.AllRightsReserved.13 01November2006Page12of 212AppendixB:RevisionHistory Rev Date ByWhom 01 08-25-2006 AnthonyNadalin 213 214Thissectionisnon-normative. WhatIssue455,459,463 wss-v1.1-errata-os-SOAPMessageSecurity Copyright©OASISOpen2002-2006.AllRightsReserved.13 01November2006Page13of
声明:
该资讯来自于互联网网友发布,如有侵犯您的权益请联系我们。
