[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Agenda for SSTC Conference Call, May 11
>#0146: SOAP Binding works with WSS Model >Owner: Hal Lockhart >Status: Open >Assigned: 29 Apr 2004 >Due: --- >Comments: >Prateek Mishra 2004-04-29 21:54 GMT >*** AI: Hal: Look at SOAP binding and make sure hand waving on WS-Security works. I completed this action item on April 13 with this posting (also attached.) http://lists.oasis-open.org/archives/security-services/200404/msg00053.html Hal
--- Begin Message ---
- From: "Hal Lockhart" <hlockhar@bea.com>
- To: <security-services@lists.oasis-open.org>
- Date: Tue, 13 Apr 2004 10:47:08 -0400
I looked at section 3.2 of the Bindings document: http://www.oasis-open.org/committees/download.php/6324/sstc-saml-bindings-2.0-draft-09-diff.pdf It looks ok to me in terms of what it says about security. The only suggestion I have is to change the last sentence of sections 3.2.2.3, 3.2.2.4 and 3.2.2.5 from: [Authentication | Integrity | Confidentiality] mechanisms designed specifically for SOAP message exchange MAY also be utilized. to something like: When [Authentication | Integrity | Confidentiality] at the SOAP messsage exchange layer is required, the use of the mechanisms specified by [reference to OASIS WSS Std] is RECOMMENDED. ---- In a side note, somebody should take a look at the description of SOAP in section 3.2. I don't believe many people would now agree with the characterization of SOAP as "RPC-like". The SAML protocol(s) may be RPC-like, but SOAP supports many alternative MEPs. Hal To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.--- End Message ---
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]