OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Comments on Interop Scenario Descriptions - New Format

> From: Hal Lockhart [mailto:hlockhar@bea.com]
> Subject: [wss] Interop Scenario Descriptions - New Format

Section 3.4.3.1, line 150: I don't think the receiver needs to explicitly
check that the <wsse:Security> element has mustUnderstand="true"; the
regular SOAP mustUnderstand handling would be appropriate. This also applies
to the other scenarios.



Section 3.5.2, line 186, I think this may be too restrictive - some people
may be working with SOAP infrastructures that always add some sort of
header. Should we relax this to read:

The response message must not contain a <wsse:Security> header. Any other
header elements MUST NOT be labeled with a mustUnderstand="true" attribute.

This also applies to the second scenario; the last half also applies to the
third.



Section 4.1.2, lines 220-225: for simplicity, should we use a single keypair
so that people don't need to configure point-to-point relationships for
every counterpart in the interop testing?



Section 5.1.1: Do we really want to sign the data with the public key, and
verify it by the Responder having the private key? This scenario would make
much more sense if the Requester has the private key and the Responder
verifies using the corresponding public certificate. (section 5.4.2.4
implies that this is what you really meant).

 - irving -


-----------------------------------------------------------------------------------------------------------------
The information contained in this message is confidential and is intended
for the addressee(s) only.  If you have received this message in error or
there are any problems please notify the originator immediately.  The 
unauthorised use, disclosure, copying or alteration of this message is 
strictly forbidden. Baltimore Technologies plc will not be liable for
direct, special, indirect or consequential damages arising from alteration of the
contents of this message by a third party or as a result of any virus being 
passed on.
 
This footnote confirms that this email message has been swept for Content Security threats, including
computer viruses.

http://www.baltimore.com

 
This footnote confirms that this email message has been swept by 
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]