[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [sca-bindings] [BINDINGS-161]: BWS50015's target is a WSDL 1.1.document, is that appropriate?
I won't push back wrt this direction, but these sort of SHOULDs are part of the boilerplate not only for Webservices specs but also IETF RFCs. It would be a shame to see these sacrificed at the altar of 'exit criteria'. -Anish -- On 5/12/2011 3:38 AM, Mike Edwards wrote: > > Folks, > > I'm in favour of removing this as a normative statement. I also note > that the same issue applies both > to BWS50014 and BWS50015 so I think that this issue should deal with > both of them. > > So my proposal is as follows: > > Replace the normative statements [BWS50014] and [BWS50015] with the > following text: > > "It is good practice for Policies and Assertions to be signed to prevent > tampering. It is acceptable for > an SCA runtime to reject a Policy that is not signed or where there is > no associated security token > which indicates that the signer has appropriate claims for the policy." > > > > Yours, Mike > ------------------------------------------------------------------------ > Dr Mike Edwards Mail Point 137, Hursley Park > STSM Winchester, Hants SO21 2JN > SCA & Services Standards United Kingdom > Co-Chair OASIS SCA Assembly TC > IBM Software Group > Phone: +44-1962 818014 > Mobile: +44-7802-467431 (274097) > e-mail: mike_edwards@uk.ibm.com > > > > > > From: Anish Karmarkar <Anish.Karmarkar@oracle.com> > To: OASIS Bindings <sca-bindings@lists.oasis-open.org> > Date: 12/05/2011 05:58 > Subject: [sca-bindings] NEW ISSUE: BWS50015's target is a WSDL 1.1. > document, is that appropriate? > > > ------------------------------------------------------------------------ > > > > Title: BWS50015's target is a WSDL 1.1. document, is that appropriate? > > Spec: sca-wsbinding-1.1-spec-cd04 > > Description: > > BWS50015 states -- > Policies and assertions SHOULD be signed to prevent tampering. [BWS50014] > > We haven't defined WSDL 1.1 as a conformance target. Furthermore, > policies can be inlined in a WSDL document or referenced. > > Proposal: > > We could go one of two ways, we could define WSDL 1.1 as a target > OR > we could refactor this to state that policy assertions ought to be > signed without using RFC2119 keywords, and add a requirement that says > that for a SCA WS Binding XML document to be conformant any policy > referenced (directly or indirectly) SHOULD be signed. > OR > we could just remove the SHOULD altogether and just talk about this > without 2119 keywords. > > -Anish > -- > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > > > > > > ------------------------------------------------------------------------ > > / > / > > /Unless stated otherwise above: > IBM United Kingdom Limited - Registered in England and Wales with number > 741598. > Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU/ > > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]