OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [security-services] RE: Approved change: Adding IssueInstant toRequest/Response


Done,

I concur on the section 5.4.6 issue, we should not have two security
considerations sections, particularly if one is only a paragraph.

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Tuesday, January 29, 2002 10:08 PM
> To: SAML
> Cc: 'Hallam-Baker, Phillip'; 'Mishra, Prateek'
> Subject: Approved change: Adding IssueInstant to Request/Response
> 
> 
> The committee approved the following changes:
> 
> In core-25, insert after line 889 and after line 1076:
> 	<attribute name="IssueInstant" type="dateTime" use="required" />
> 
> In core-25, add to section 3.2.1, at line 877 and to section 3.4.1, at
> line
> 1068:
> 
> IssueInstant [Required]
> The time instant of issue of the request/response. It has the type
> dateTime, which is built into the W3C XML Schema Datatypes 
> specification
> [Schema2].
> 
> I make the editorial suggestion to remove section 5.4.6 as well.
> 
> In bindings-09, add text to the Security Considerations section in
> the SOAP over HTTP description (lines 263-269):
> 
> Since a synchronous SSL connection is used to insure message 
> integrity,
> examination of the IssueInstant attributes in Request and 
> Response does
> not protect against any known attacks and is therefore not required.
> 
> -- Scott
> 

Phillip Hallam-Baker (E-mail).vcf



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC