Bug #191
Status: closed
PAOS and Accept headers are not standards-conforming
Description
We identified two issues with the examples in the named section.
Accept header invalid
According to RFC 2616 sec. 14.1, the Accept header consists of one or more media-range elements separated by commas. Each media-range may optionally carry a quality factor (a q parameter); that parameter is appended to its media-range with a semicolon, so a semicolon never separates two media types.
The header in the example is

Accept: text/html; application/vnd.paos+xml

Because of the semicolon, application/vnd.paos+xml is parsed as a parameter of text/html rather than as a second media-range, and it is not even a well-formed parameter, since it lacks the name=value form. The header becomes correct when the semicolon is replaced by a comma. Furthermore, in a PAOS connection text/html only makes sense for error messages on the HTTP layer. The example should therefore omit text/html or replace it with a sensibly qualified value such as text/*;q=0.2.

The corrected header would then look like this:

Accept: text/*;q=0.2, application/vnd.paos+xml
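As an added example (it is neither part of this bug report nor of the referenced specification), the following Python parser implements the RFC 2616 sec. 14.1 grammar for Accept and shows why the semicolon form is rejected while the comma form is accepted, and how a PAOS-capable server would rank the corrected header. The function names are mine; the parser deliberately does not handle commas or semicolons inside quoted parameter values, which is an assumption that holds for every header discussed here.

```python
import re

# RFC 2616 / RFC 7230 token characters (tchar); "*" is a legal tchar, so
# "*/*" and "text/*" match the same pattern as "text/html".
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
MEDIA_RANGE_RE = re.compile(r"^(" + TOKEN + r")/(" + TOKEN + r")$")
PARAM_RE = re.compile(r"^(" + TOKEN + r')=("[^"]*"|' + TOKEN + r")$")
QVALUE_RE = re.compile(r"^(0(\.[0-9]{0,3})?|1(\.0{0,3})?)$")


class AcceptSyntaxError(ValueError):
    """Raised when a header value does not match the RFC 2616 sec. 14.1 grammar."""


def parse_accept(value):
    """Parse an Accept header value into a list of (type, subtype, q, params).

    Grammar (RFC 2616 sec. 14.1):
      Accept        = #( media-range [ accept-params ] )
      media-range   = ( "*/*" | type "/" "*" | type "/" subtype ) *( ";" parameter )
      accept-params = ";" "q" "=" qvalue
    Elements are separated by commas; parameters hang off one element with semicolons.
    Simplification (assumption): quoted parameter values containing "," or ";" are not supported.
    """
    ranges = []
    for element in value.split(","):
        parts = [p.strip() for p in element.split(";")]
        m = MEDIA_RANGE_RE.match(parts[0])
        if not m:
            raise AcceptSyntaxError("bad media-range %r" % parts[0])
        mtype, subtype = m.group(1).lower(), m.group(2).lower()
        if mtype == "*" and subtype != "*":
            raise AcceptSyntaxError("*/%s is not a legal media-range" % subtype)
        q, params = 1.0, {}
        for param in parts[1:]:
            pm = PARAM_RE.match(param)
            if not pm:
                # This is what the semicolon in "text/html; application/vnd.paos+xml"
                # produces: a "parameter" that is neither name=value nor even a token.
                raise AcceptSyntaxError("parameter %r is not of the form name=value" % param)
            name, val = pm.group(1).lower(), pm.group(2)
            if name == "q":
                if not QVALUE_RE.match(val):
                    raise AcceptSyntaxError("bad qvalue %r" % val)
                q = float(val)
            else:
                params[name] = val
        ranges.append((mtype, subtype, q, params))
    return ranges


def quality(value, media_type):
    """q value the header assigns to media_type; 0.0 means the client will not accept it.

    The most specific matching range wins (type/subtype over type/* over */*).
    """
    mtype, subtype = media_type.lower().split("/")
    best = None
    for t, s, q, _params in parse_accept(value):
        if (t, s) == (mtype, subtype):
            rank = 3
        elif t == mtype and s == "*":
            rank = 2
        elif (t, s) == ("*", "*"):
            rank = 1
        else:
            continue
        if best is None or rank > best[0]:
            best = (rank, q)
    return best[1] if best else 0.0


def paos_capable(accept_value):
    """True if a PAOS-aware server should treat the request as a PAOS request."""
    return quality(accept_value, "application/vnd.paos+xml") > 0.0


if __name__ == "__main__":
    corrected = "text/*;q=0.2, application/vnd.paos+xml"   # the corrected header from the report
    print(parse_accept(corrected))
    print("PAOS capable:", paos_capable(corrected))
    try:
        parse_accept("text/html; application/vnd.paos+xml")  # the header as printed in the spec
    except AcceptSyntaxError as exc:
        print("rejected:", exc)
```

With the corrected header, text/html still gets q=0.2 through the text/* range, so an HTTP-level error page remains acceptable, while application/vnd.paos+xml gets the default q=1 and is what a PAOS server selects.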
PAOS header use unclear
The header in the example is

PAOS: ver="urn:liberty:paos:2003-08"; "urn:iso:std:iso-iec:24727:tech:schema" action="StartPAOS"

First of all, the example should give the current PAOS version (urn:liberty:paos:2006-08), so that the old version is not propagated any further.

The PAOS specification requires (SHALL) a service and action description. For the service, the PAOS spec refers to ServiceType in the ID-WSF 2.0 Discovery specification (http://www.projectliberty.org/liberty/content/download/3450/22976/file/liberty-idwsf-disco-svc-v2.0-original.pdf), sec. 2.3.2.3, which recommends that the ServiceType be the same as the targetNamespace of the WSDL. The ServiceType must therefore be defined somewhere, which is not the case for IFD, SAL etc. If nobody defines these, I suggest not adding this element to the PAOS header.

The action must be preceded by a comma.

The action value is the same as in WS-Addressing, so it must be the full URI urn:iso:std:iso-iec:24727:tech:schema:StartPAOS instead of the bare StartPAOS. However, StartPAOS is wrong in any case, since the PAOS header advertises the services the initiator (the eCard App) offers, and StartPAOS is not one of them.

Keeping all that in mind, a correct example would be:

PAOS: ver="urn:liberty:paos:2006-08"; "http://www.bsi.bund.de/ecard/api/1.1", action="http://www.bsi.bund.de/ecard/api/1.0#InitializeFramework", "http://www.bsi.bund.de/ecard/api/1.0#TerminateFramework"; "urn:iso:std:iso-iec:24727:tech:schema", action="urn:iso:std:iso-iec:24727:tech:schema:DIDAuthenticate", "..."

The action list should contain all functions which are available to the eID Server.
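An added example, not taken from this report or from the PAOS specification: a Python parser for the PAOS header value in the shape used above (ver="..."; "service", action="...", "..."; ...) together with a lint for the points raised here, namely the current version, the mandatory comma before action=, and actions given as absolute URIs rather than bare names. The grammar in the docstring is reconstructed from the two headers quoted in this report rather than copied from the spec; accepting a repeated action= keyword before later actions is my assumption, and the function names are mine. The sample headers are the report's own, with the trailing "..." placeholder left out.

```python
import re
from dataclasses import dataclass

# Tokens of a PAOS header value: the keywords "ver=" and "action=", quoted
# URIs, ";" between service descriptions and "," inside a list.
_TOKEN_RE = re.compile(r'\s*(?:(ver=|action=)|"([^"]*)"|([;,]))\s*')
# Absolute URI: a scheme followed by ":" (RFC 3986 scheme syntax).
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")


@dataclass
class PaosHeader:
    versions: list          # PAOS versions the initiator supports
    services: dict          # service URI -> list of action URIs the initiator offers


def _tokenize(value):
    tokens, pos = [], 0
    value = value.strip()
    while pos < len(value):
        m = _TOKEN_RE.match(value, pos)
        if not m:
            raise ValueError("unexpected text at offset %d: %r" % (pos, value[pos:pos + 20]))
        kind = m.group(1) or m.group(3) or "uri"
        tokens.append((kind, m.group(2)))
        pos = m.end()
    return tokens


def _uri_list(items, keyword):
    """Parse "uri" ("," ["<keyword>="] "uri")* and return the URIs.

    A repeated keyword= before later entries is tolerated (assumption, see lead-in).
    """
    uris, expect_uri = [], True
    for kind, text in items:
        if expect_uri:
            if kind == keyword + "=":
                continue
            if kind != "uri":
                raise ValueError("expected quoted URI in %s list, got %r" % (keyword, kind))
            uris.append(text)
            expect_uri = False
        elif kind == ",":
            expect_uri = True
        else:
            raise ValueError("expected ',' between %s URIs, got %r" % (keyword, kind))
    if expect_uri:
        raise ValueError("%s list is empty or ends with ','" % keyword)
    return uris


def parse_paos(value):
    """Parse a PAOS header value (reconstructed grammar):
         ver="<uri>"[, "<uri>"]* ; "<service>", action="<uri>"[, "<uri>"]* [; "<service>", ...]
    """
    segments, current = [], []
    for tok in _tokenize(value):
        if tok[0] == ";":
            segments.append(current)
            current = []
        else:
            current.append(tok)
    segments.append(current)

    head = segments[0]
    if not head or head[0][0] != "ver=":
        raise ValueError("PAOS header must start with ver=")
    versions = _uri_list(head[1:], "ver")

    services = {}
    for seg in segments[1:]:
        if not seg or seg[0][0] != "uri":
            raise ValueError("service description must start with a quoted service URI")
        service, rest = seg[0][1], seg[1:]
        actions = []
        if rest:
            # The comma before action= is mandatory; the spec's example omits it.
            if rest[0][0] != ",":
                raise ValueError("service %r: action= must be preceded by a comma" % service)
            if len(rest) < 2 or rest[1][0] != "action=":
                raise ValueError("service %r: expected action= after ','" % service)
            actions = _uri_list(rest[2:], "action")
        services[service] = actions
    return PaosHeader(versions, services)


def lint_paos(header, required_version="urn:liberty:paos:2006-08"):
    """Problems this report calls out; an empty list means the header passes."""
    problems = []
    if required_version not in header.versions:
        problems.append("header does not advertise %s (got %s)" % (required_version, header.versions))
    for service, actions in header.services.items():
        if not actions:
            problems.append("service %s lists no action" % service)
        for action in actions:
            if not _SCHEME_RE.match(action):
                problems.append("action %r is not an absolute URI" % action)
    return problems


if __name__ == "__main__":
    # Header as printed in the spec (constructed from this report): fails on the missing comma.
    try:
        parse_paos('ver="urn:liberty:paos:2003-08"; "urn:iso:std:iso-iec:24727:tech:schema" action="StartPAOS"')
    except ValueError as exc:
        print("rejected:", exc)
    # The corrected header proposed above, without the "..." placeholder.
    corrected = ('ver="urn:liberty:paos:2006-08"; '
                 '"http://www.bsi.bund.de/ecard/api/1.1", '
                 'action="http://www.bsi.bund.de/ecard/api/1.0#InitializeFramework", '
                 '"http://www.bsi.bund.de/ecard/api/1.0#TerminateFramework"; '
                 '"urn:iso:std:iso-iec:24727:tech:schema", '
                 'action="urn:iso:std:iso-iec:24727:tech:schema:DIDAuthenticate"')
    print(parse_paos(corrected), lint_paos(parse_paos(corrected)))
```

Parsing stops at the missing comma, which is a syntax error, whereas the stale version and the bare StartPAOS action are only reported by the lint, since the header is still well-formed with them in place; the lint cannot tell whether an action is one the initiator actually offers, so that last point remains a matter for the spec author.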