OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Agenda for SSTC Conference Call, May 11

>#0146: SOAP Binding works with WSS Model
>Owner: Hal Lockhart
>Status: Open
>Assigned: 29 Apr 2004
>Due: ---
>Prateek Mishra 2004-04-29 21:54 GMT
>*** AI: Hal: Look at SOAP binding and make sure hand waving on WS-Security works.

I completed this action item on April 13 with this posting (also attached.)


--- Begin Message ---
I looked at section 3.2 of the Bindings document:


It looks ok to me in terms of what it says about security.

The only suggestion I have is to change the last sentence of sections, and from:

[Authentication | Integrity | Confidentiality] mechanisms designed specifically for SOAP message exchange MAY also be utilized.

to something like:

When [Authentication | Integrity | Confidentiality] at the SOAP messsage exchange layer is required, the use of the mechanisms specified by [reference to OASIS WSS Std] is RECOMMENDED.


In a side note, somebody should take a look at the description of SOAP in section 3.2. I don't believe many people would now agree with the characterization of SOAP as "RPC-like". The SAML protocol(s) may be RPC-like, but SOAP supports many alternative MEPs.


To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.

--- End Message ---

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]