Subject: F2F AI 14- Check existing Text on Soap Security in SOAP Binding

I looked at section 3.2 of the Bindings document:

http://www.oasis-open.org/committees/download.php/6324/sstc-saml-bindings-2.0-draft-09-diff.pdf

It looks ok to me in terms of what it says about security. The only suggestion I have is to change the last sentence of sections 3.2.2.3, 3.2.2.4 and 3.2.2.5 from:

    [Authentication | Integrity | Confidentiality] mechanisms designed specifically for SOAP message exchange MAY also be utilized.

to something like:

    When [Authentication | Integrity | Confidentiality] at the SOAP message exchange layer is required, the use of the mechanisms specified by [reference to OASIS WSS Std] is RECOMMENDED.

----

In a side note, somebody should take a look at the description of SOAP in section 3.2. I don't believe many people would now agree with the characterization of SOAP as "RPC-like". The SAML protocol(s) may be RPC-like, but SOAP supports many alternative MEPs.

Hal