OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: F2F AI 14- Check existing Text on Soap Security in SOAP Binding

I looked at section 3.2 of the Bindings document:


It looks ok to me in terms of what it says about security.

The only suggestion I have is to change the last sentence of sections, and from:

[Authentication | Integrity | Confidentiality] mechanisms designed specifically for SOAP message exchange MAY also be utilized.

to something like:

When [Authentication | Integrity | Confidentiality] at the SOAP messsage exchange layer is required, the use of the mechanisms specified by [reference to OASIS WSS Std] is RECOMMENDED.


In a side note, somebody should take a look at the description of SOAP in section 3.2. I don't believe many people would now agree with the characterization of SOAP as "RPC-like". The SAML protocol(s) may be RPC-like, but SOAP supports many alternative MEPs.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]