[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: ISSUE 190: Final kicks at the whale
I'm definitely feeling like I've kicked this dead whale far enough down the beach... Here's my final offer, roughly based on Frederick's recent proposal, but with an out for receivers who don't want to do unnecessary work. When a <wsse:Security> header includes a mustUnderstand="true" attribute: 1) The receiver must generate a SOAP fault if does not implement the WSS: SOAP Message Security specification corresponding to the namespace. Implementation means ability to interpret the schema as well as follow the required processing rules specified in WSS: SOAP Message Security. 2) The receiver must generate a fault if unable to interpret or process security tokens contained in the SOAP Message Security header block according to the corresponding SOAP Message Security token profiles. Receivers MAY ignore elements or extensions within the <wsse:Security> element, based on local security policy. - irving -
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]