[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] RE: Approved change: Adding IssueInstant toRequest/Response
Done, I concur on the section 5.4.6 issue, we should not have two security considerations sections, particularly if one is only a paragraph. Phillip Hallam-Baker FBCS C.Eng. Principal Scientist VeriSign Inc. pbaker@verisign.com 781 245 6996 x227 > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Tuesday, January 29, 2002 10:08 PM > To: SAML > Cc: 'Hallam-Baker, Phillip'; 'Mishra, Prateek' > Subject: Approved change: Adding IssueInstant to Request/Response > > > The committee approved the following changes: > > In core-25, insert after line 889 and after line 1076: > <attribute name="IssueInstant" type="dateTime" use="required" /> > > In core-25, add to section 3.2.1, at line 877 and to section 3.4.1, at > line > 1068: > > IssueInstant [Required] > The time instant of issue of the request/response. It has the type > dateTime, which is built into the W3C XML Schema Datatypes > specification > [Schema2]. > > I make the editorial suggestion to remove section 5.4.6 as well. > > In bindings-09, add text to the Security Considerations section in > the SOAP over HTTP description (lines 263-269): > > Since a synchronous SSL connection is used to insure message > integrity, > examination of the IssueInstant attributes in Request and > Response does > not protect against any known attacks and is therefore not required. > > -- Scott >
Phillip Hallam-Baker (E-mail).vcf
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC