sca-bindings message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: [BINDINGS-161]: BWS50015's target is a WSDL 1.1. document, is thatappropriate?
- From: Mike Edwards <mike_edwards@uk.ibm.com>
- To: OASIS Bindings <sca-bindings@lists.oasis-open.org>
- Date: Thu, 12 May 2011 11:38:01 +0100
Folks,
I'm in favour of removing this as a
normative statement. I also note that the same issue applies both
to BWS50014 and BWS50015 so I think
that this issue should deal with both of them.
So my proposal is as follows:
Replace the normative statements [BWS50014]
and [BWS50015] with the following text:
"It is good practice for Policies
and Assertions to be signed to prevent tampering. It is acceptable
for
an SCA runtime to reject a Policy that
is not signed or where there is no associated security token
which indicates that the signer has
appropriate claims for the policy."
Yours, Mike
|
|
Dr Mike Edwards
| Mail Point 137, Hursley
Park
|
|
STSM
| Winchester, Hants SO21
2JN
|
SCA & Services
Standards
| United Kingdom
|
Co-Chair OASIS SCA
Assembly TC
|
|
|
IBM Software Group
|
|
|
Phone:
| +44-1962 818014
|
|
|
Mobile:
| +44-7802-467431 (274097)
|
|
|
e-mail:
| mike_edwards@uk.ibm.com
|
|
|
|
|
From:
| Anish Karmarkar <Anish.Karmarkar@oracle.com>
|
To:
| OASIS Bindings <sca-bindings@lists.oasis-open.org>
|
Date:
| 12/05/2011 05:58
|
Subject:
| [sca-bindings] NEW ISSUE: BWS50015's
target is a WSDL 1.1. document, is that appropriate? |
Title: BWS50015's target is a WSDL 1.1. document,
is that appropriate?
Spec: sca-wsbinding-1.1-spec-cd04
Description:
BWS50015 states --
Policies and assertions SHOULD be signed to prevent tampering. [BWS50014]
We haven't defined WSDL 1.1 as a conformance target. Furthermore,
policies can be inlined in a WSDL document or referenced.
Proposal:
We could go one of two ways, we could define WSDL 1.1 as a target
OR
we could refactor this to state that policy assertions ought to be
signed without using RFC2119 keywords, and add a requirement that says
that for a SCA WS Binding XML document to be conformant any policy
referenced (directly or indirectly) SHOULD be signed.
OR
we could just remove the SHOULD altogether and just talk about this
without 2119 keywords.
-Anish
--
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
3AU
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]