[MS-WSTEP]: WS-Trust X.509v3 Token Enrollment Extensions

This topic lists Errata found in [MS-WSTEP] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.


To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:

June 1, 2017 - Download

Errata below are for Protocol Document Version V14.0 – 2021/06/25.

Errata Published*

Description

2021/09/21

In Section 3.1.4.1.3.2 wst:RequestedSecurityTokenType, updated to clarify the RequestSecurityTokenResponseCollection and RequestedSecurityToken element responses, the certificate locations, and the BinarySecurityToken format and value type.

Changed from:

"The WSTEP extends wst:RequestedSecurityTokenType with two additional elements.

● <xs:element ref="wsse:BinarySecurityToken" />

● <xs:element ref="wsse:SecurityTokenReference" />

wsse:BinarySecurityToken: The wsse:BinarySecurityToken element contains the issued certificate. The issued certificate follows the encoding and data structure defined in [MS-WCCE] section 2.2.2.8."

Changed to:

"MS-WSTEP extends the wst:RequestedSecurityTokenType with two additional elements as follows.

● <xs:element ref="wsse:BinarySecurityToken" />

● <xs:element ref="wsse:SecurityTokenReference" />

The server SHOULD<2> include the end entity certificate in the RequestedSecurityToken response. The ValueType of the BinarySecurityToken element for this RequestedSecurityToken response MUST be X509v3 [RFC5280]. The server MUST also include a CMC full PKI response in the RequestSecurityTokenResponseCollection, as specified in sections 4.2 and 4.3 of [WSTrust1.3].

wsse:BinarySecurityToken: The wsse:BinarySecurityToken element contains the issued certificate in either a full CMC response or as a stand alone x509v3 certificate [RFC5280].

<2> Section 3.1.4.1.3.2: Microsoft Windows always includes the requested end entity certificate in the RequestedSecurityToken."

*Date format: YYYY/MM/DD
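
The following Python example is added here and is not part of [MS-WSTEP] or of any Microsoft implementation. It shows how an enrollment client could check a response against the revised Section 3.1.4.1.3.2 text before trusting the returned tokens. Assumptions: the CMC full PKI response is the wsse:BinarySecurityToken placed directly under wst:RequestSecurityTokenResponse, token content is base64-encoded DER, ValueType is matched on its #X509v3 fragment, and the names check_response and sample and the urn:example values are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
BST = f"{{{WSSE}}}BinarySecurityToken"

def check_response(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    if "<!DOCTYPE" in xml_text:  # SOAP messages carry no DTD; refuse before parsing
        return ["document contains a DTD"]
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{WST}}}RequestSecurityTokenResponseCollection":
        return ["root is not wst:RequestSecurityTokenResponseCollection"]
    findings = []
    responses = root.findall(f"{{{WST}}}RequestSecurityTokenResponse")
    if not responses:
        findings.append("collection holds no RequestSecurityTokenResponse")
    for n, rstr in enumerate(responses):
        # Assumption: the CMC full PKI response is the BinarySecurityToken
        # placed directly under RequestSecurityTokenResponse.
        if rstr.find(BST) is None:
            findings.append(f"response {n}: CMC full PKI response missing (MUST)")
        token = rstr.find(f"{{{WST}}}RequestedSecurityToken/{BST}")
        if token is None:
            findings.append(f"response {n}: no end entity certificate (SHOULD)")
            continue
        if not token.get("ValueType", "").endswith("#X509v3"):
            findings.append(f"response {n}: ValueType is not X509v3 (MUST)")
        try:  # assumption: token text is base64 of a DER certificate
            der = base64.b64decode("".join((token.text or "").split()), validate=True)
        except ValueError:
            der = b""
        if not der.startswith(b"\x30"):  # DER SEQUENCE tag opens a certificate
            findings.append(f"response {n}: token is not base64 DER")
    return findings

def sample(value_type="urn:example:constructed#X509v3", with_cmc=True):
    """Constructed response; token bytes are placeholders, not real certificates."""
    blob = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    cmc = f'<s:BinarySecurityToken ValueType="urn:example:constructed#PKCS7">{blob}</s:BinarySecurityToken>'
    return (f'<t:RequestSecurityTokenResponseCollection xmlns:t="{WST}" xmlns:s="{WSSE}">'
            f'<t:RequestSecurityTokenResponse>{cmc if with_cmc else ""}'
            f'<t:RequestedSecurityToken><s:BinarySecurityToken ValueType="{value_type}">'
            f'{blob}</s:BinarySecurityToken></t:RequestedSecurityToken>'
            f'</t:RequestSecurityTokenResponse></t:RequestSecurityTokenResponseCollection>')

if __name__ == "__main__":
    print(check_response(sample()), check_response(sample("urn:example:constructed#PKCS7")))
```

A structural pass like this precedes, and does not replace, parsing the certificate and validating its chain and subject against the request.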