The bug 4213 includes updating both the Primer and the Guidelines with an example of an empty nested assertion. This Proposed Resolution is to address the Guidelines part. Target: Guidelines document Proposal: Add the following text to the end of section 4.4.2 after example 4.4. In another example, WS-Security Policy defines sp:HttpToken assertion to contain three possible nested elements, sp:HttpBasicAuthentication, sp:HttpDigestAuthentication and sp:RequireClientCertificate. When the HttpToken is used with an empty nested policy in a policy expression by a provider, it will indicate that none of the dependent behaviors namely authentication or client certificate is required. (add this in an example box...example 4.5 ) <sp:TransportToken> <wsp:Policy> <sp:HttpsToken> <wsp:Policy/> </sp:HttpsToken> </wsp:Policy> </sp:TransportToken> A non-anonymous client who requires authentication or client certificate will not be able to use this provider solely on the basis of intersection algorithm alone.Received on Tuesday, 13 March 2007 05:16:18 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:20:48 GMT