OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wsbpel message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wsbpel] Review - Chapter 16: Security Considerations

Danny van der Rijn wrote:

- WS-Security added as normative reference in references section, and a [reference] to it added in 16

Consequently, when using WS-Security, signatures MUST include the semantically significant headers and the message body (as well as any other relevant data) MUST be signed so that they cannot be independently separated and re-used.

I would not consider this editorial change though. The original text as stated does not require signing, only that when signed the signatures include the  semantically significant headers and the message body. The rewording requires that messages MUST always be signed. In addition, having a MUST requirement with "any other relevant data" does not  make sense to me (as it is not specific enough for a MUST).


Mehta, Vinkesh (US - Austin) wrote:
After reviewing Chapter 16. Security Considerations, I propose that we accept the Chapter with no changes.

Vinkesh O. Mehta


Deloitte Consulting LLP

Tel: (or Direct:) +1 512 226 4261

Main: +1 512 691 2300

Fax: +1 512 480 1261

Mobile: + 1 512 750 2006



400 West 15th Street, Suite 1700

Austin, TX 78701-1648


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]