Added owner_urn and target_urn elements to credentials help out the unfortunate ActionScript users...