OFA9FF4F50.E015BB33-ON802578A9.00453B75-802578A9.004593B2@uk.ibm.com"
type="cite">
Target:
sca-wsbinding-1.1-cd04.pdf
Description:
BWS50014 & BWS50015 are both
optional
normative statements - this gives problems in meeting the exit
requirements
and are not acceptable:
[BWS50014]
|
Policies and assertions
SHOULD be signed
to prevent tampering.
|
[BWS50015]
|
Policies SHOULD NOT be
accepted unless they
are signed and have an associated security token to
specify the signer
has proper claims for the given policy. |
Proposal:
Make both statements
non-normative,
replacing them with the following text:
"It is good practice for Policies
and assertions to be signed to prevent tampering.
It is advisable that an SCA
runtime
does not accept Policies unless they are signed and have an
associated security token to
specify
the signer has proper claims for the given policy."
Yours, Mike
|
|
Dr
Mike Edwards
|
Mail Point
137, Hursley
Park
|
|
STSM
|
Winchester,
Hants SO21
2JN
|
SCA
& Services
Standards
|
United
Kingdom
|
Co-Chair
OASIS SCA
Assembly TC
|
|
|
IBM
Software Group
|
|
|
Phone:
|
+44-1962
818014
|
|
|
Mobile:
|
+44-7802-467431
(274097)
|
|
|
e-mail:
|
mike_edwards@uk.ibm.com
|
|
|
|
|
Unless stated otherwise
above:
IBM United Kingdom Limited - Registered in England and Wales
with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth,
Hampshire PO6
3AU
Unless stated otherwise
above:
IBM United Kingdom Limited - Registered in England and Wales
with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth,
Hampshire PO6
3AU