View Issue Details

ID: 0009108
Project: 10000-004: Services
Category: Spec
View Status: public
Last Update: 2023-09-26 15:54
Reporter: Matthias Isele
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: always
Status: assigned
Resolution: open
Target Version: 1.05.03 RC1
Summary: 0009108: Clarification for comparing UserTokens
Description

The specification states (ActivateSession - Description):
"In addition, the Server shall verify that the Client supplied a UserIdentityToken that is identical to the token currently associated with the Session."

It's not clear which parameters of the UserTokens need to be evaluated for the different TokenTypes.
E.g., the UserNameIdentityToken has 4 parameters (policyId, userName, password, encryptionAlgorithm). In this case it's obvious that the password shall not be evaluated for comparing the user token. However, it's not explicitly stated.

Tags: No tags attached.
Commit Version
Fix Due Date

Activities

Jim Luth (administrator), 2023-09-26 15:48, note ~0020058

Determine if we can eliminate this check entirely. Validating that the Client Application Cert is the same should be sufficient.

Issue History

Date Modified | Username | Field | Change
2023-08-17 13:21 | Matthias Isele | New Issue |
2023-08-17 13:23 | Matthias Isele | Summary | Clarification => Clarification for comparing UserTokens
2023-09-26 15:48 | Jim Luth | Note Added: 0020058 |
2023-09-26 15:54 | Jim Luth | Assigned To | => Matthias Damm
2023-09-26 15:54 | Jim Luth | Status | new => assigned