Web Services Security
X.509 Certificate Token Profile 1.1
OASIS Errata Committee Draft 01, 25 August 2006
OASIS Identifier:
wss-v1.1-spec-errata-X509TokenProfile
Document Location:
http://docs.oasis-open.org/wss/v1.1/
Technical Committee:
Web Service Security (WSS)
Chairs:
Kelvin Lawrence, IBM
Chris Kaler, Microsoft
Editors:
Anthony Nadalin, IBM
Abstract:
This document describes how to use X.509 Certificates with the Web Services Security:
Status:
This is an OASIS Draft listing errata for the OASIS Standard produced by the Web Services Security Technical Committee. The standard was approved by the OASIS membership on 1 February 2006.
Technical Committee members should send comments on this specification to the Technical Committee’s email list. Others should send comments to the Technical Committee by using the “Send A Comment” button on the Technical Committee’s web page at www.oasisopen.org/committees/wss.
For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the WS-Security TC web page (http://www.oasis-open.org/committees/wss/ipr.php).
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director. OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
Copyright (C) OASIS Open 2002-2006. All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
OASIS has been notified of intellectual property rights claimed in regard to some or all of the contents of this specification. For more information consult the online list of claimed rights.
This section is non-normative.
Table of Contents
2 Typographical/Editorial Errors
2.1 Section 3.3.2 Reference to a Binary Security Token
2.2 Section 3.3.3 Reference to an Issuer and Serial Number
3.3 Section 3.2 Token References
The following issues related to the Web Services Security X.509 Certificate Token Profile 1.1 listed in the Web Services Committee Issues List [WSS-Issues] have been addressed in this document:
| Issue | Description |
| 457 | Remove #x509v1 from table |
| 458 | Fix typographical Errors |
| 460 | Change #ThumbPrintSHA1 to #ThumbprintSHA1 |
Changed lines 348 and 349 from
<ds:Reference URI="#body"></ds:Reference>
<ds:Reference URI="#binarytoken"></ds:Reference>
to
<ds:Reference URI="#body">...</ds:Reference>
<ds:Reference URI="#binarytoken">...</ds:Reference>
Changed lines 384 and 385 from
<ds:Reference URI="#body"></ds:Reference>
<ds:Reference URI="#keyinfo"></ds:Reference>
to
<ds:Reference URI="#body">...</ds:Reference>
<ds:Reference URI="#keyinfo">...</ds:Reference>
Changed line 430 from
xenc:EncryptionMethod Algorithm="..."/>
to
xenc:EncryptionMethod Algorithm=". . ."/>
Changed line 480 from
soap-message-security-1.1#ThumbPrintSHA1" >LKiQ/CmFrJDJqCLFcjlhIsmZ/+0=
to
soap-message-security-1.1#ThumbprintSHA1" >LKiQ/CmFrJDJqCLFcjlhIsmZ/+0=
Changed line 494 from
<xenc:EncryptedData Id="encrypted" Type="...">
to
<xenc:EncryptedData Id="encrypted" Type=". . .">
Deleted following row from table at line 158
| #X509PKIPathv1 | http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1 |
Deleted following row from table at line 177
| Single certificate | #x509v1 | An X.509 v1 certificate capable of signature-verification at a minimum. |
Changed line 204 from
X.509 SubjectKeyIdentifier reference. A subject key identifier may only be used to
to
X.509 SubjectKeyIdentifier reference. A subject key identifier MAY only be used to
Current Contributors:
| Michael | Hu | Actional |
| Maneesh | Sahu | Actional |
| Duane | Nickull | Adobe Systems |
| Gene | Thurston | AmberPoint |
| Frank | Siebenlist | |
| Hal | Lockhart | BEA Systems |
| Denis | Pilipchuk | BEA Systems |
| Corinna | Witt | BEA Systems |
| Steve | | BMC Software |
| Rich | Levinson | Computer Associates |
| Thomas | DeMartini | ContentGuard |
| Merlin | Hughes | Cybertrust |
| Dale | Moberg | Cyclone Commerce |
| Rich | Salz | Datapower |
| Sam | Wei | EMC |
| Dana S. | Kaufman | Forum Systems |
| Toshihiro | Nishimura | Fujitsu |
| Kefeng | Chen | GeoTrust |
| | Reid | Hewlett-Packard |
| Kojiro | Nakayama | |
| Paula | Austel | IBM |
| Derek | Fu | IBM |
| Maryann | Hondo | IBM |
| Kelvin | | IBM |
| Michael | McIntosh | IBM |
| Anthony | Nadalin | IBM |
| Nataraj | Nagaratnam | IBM |
| Bruce | Rich | IBM |
| Ron | Williams | IBM |
| Don | Flinn | Individual |
| Kate | Cherry | Lockheed Martin |
| Paul | Cotton | Microsoft |
| Vijay | Gajjala | Microsoft |
| Martin | Gudgin | Microsoft |
| Chris | Kaler | Microsoft |
| | Hirsch | Nokia |
| Abbie | Barbir | Nortel |
| Prateek | Mishra | Oracle |
| Vamsi | Motukuru | Oracle |
| Ramana | Turlapi | Oracle |
| Ben | | RSA Security |
| Rob | Philpott | RSA Security |
| Blake | Dournaee | Sarvega |
| Sundeep | Peechu | Sarvega |
| Coumara | Radja | Sarvega |
| Pete | Wenzel | SeeBeyond |
| Manveen | Kaur | Sun Microsystems |
| Ronald | Monzillo | Sun Microsystems |
| Jan | Alexander | Systinet |
| Symon | Chang | TIBCO Software |
| John | Weiland | US Navy |
| Hans | Granqvist | VeriSign |
| Phillip | Hallam-Baker | VeriSign |
| Hemma | Prafullchandra | VeriSign |
Previous Contributors:
| Peter | Dapkus | BEA |
| Guillermo | Lao | ContentGuard |
| TJ | Pannu | ContentGuard |
| Xin | Wang | ContentGuard |
| Shawn | Sharp | Cyclone Commerce |
| Ganesh | Vaideeswaran | Documentum |
| Tim | Moses | Entrust |
| | Canales-Valenzuela | Ericsson |
| Tom | Rutt | Fujitsu |
| Yutaka | Kudo | |
| Jason | Rouault | HP |
| Bob | Blakley | IBM |
| Joel | Farrell | IBM |
| Satoshi | Hada | IBM |
| Hiroshi | Maruyama | IBM |
| David | Melgar | IBM |
| | Tamura | IBM |
| | Vicknair | IBM |
| Phil | | Individual |
| Mark | Hayes | Individual |
| John | Hughes | Individual |
| Peter | Rostin | Individual |
| Davanum | Srinivas | Individual |
| Bob | Morgan | Individual/Internet2 |
| Bob | Atkinson | Microsoft |
| Keith | Ballinger | Microsoft |
| Allen | Brown | Microsoft |
| Giovanni | Della-Libera | Microsoft |
| Alan | Geller | Microsoft |
| Johannes | Klein | Microsoft |
| Scott | Konersmann | Microsoft |
| Chris | Kurt | Microsoft |
| Brian | LaMacchia | Microsoft |
| Paul | Leach | Microsoft |
| John | Manferdelli | Microsoft |
| John | Shewchuk | Microsoft |
| Dan | Simon | Microsoft |
| Hervey | | Microsoft |
| Jeff | Hodges | Neustar |
| Senthil | Sengodan | Nokia |
| Lloyd | Burch | Novell |
| Ed | Reed | Novell |
| Charles | Knouse | Oblix |
| Vipin | | Oracle |
| Jerry | Schwarz | Oracle |
| Eric | Gravengaard | Reactivity |
| Andrew | Nash | Reactivity |
| Stuart | King | Reed Elsevier |
| Martijn | de Boer | SAP |
| Jonathan | Tourzan | Sony |
| Yassir | Elley | Sun |
| Michael | Nguyen | The IDA of |
| Don | | TIBCO |
| Morten | Jorgensen | Vordel |
| Rev | Date | By Whom | What |
| 01 | 08-25-2006 | Anthony Nadalin | Issue 457, 458, 460 |