[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SecurityPolicy updated for pending issues
|
All of the pending issues have been applied in today’s
update of SP, ws-securitypolicy-1.2-spec-ed-01-r11. Doc format, no change bars. PDF format with change bars. For issue 115, in the reasons Gudge cited for encrypting
UsernameToken in section 5.3.1 I added an addition one of “in the absence
of transport security”. That makes it fit more neatly with the text in
Appendix D. For issue 116 the proposal said to add timestamp to the list
of encrypted tokens based on section 6.2. What 6.2 actually says about
timestamp is that it should be “integrity protected” not protected.
Since the justification for adding it in the proposal didn’t seem to be
supported I erred on the side of caution and did not add it. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]