OASIS Mailing List Archives

wsbpel message



Subject: Re: [wsbpel] Review - Chapter 16: Security Considerations


That wording looks great.

Danny

Prasad Yendluri wrote:
Danny,

I see your intent now, thanks. How about replacing the word "include" with "encompass", like

"Consequently, when using WS-Security, signatures MUST encompass the semantically significant headers ...."

Will that work?
I am concerned that the rephrased "MUST be signed" has the side effect of requiring the use of signatures always.

Regards,
Prasad

Danny van der Rijn wrote:
I don't think I changed any of that meaning: "when using ... MUST ..."

Only changing it so that it doesn't say that the headers must be in the signature (which IMO isn't correct), but rather says that the signature must be *over* the headers.

That was my intention, anyway. If you still think that I changed something, can you suggest other wording that takes my concerns into account? Or point out where you think my intention didn't make it into my wording?

Thanks
Danny

Prasad Yendluri wrote:

Danny van der Rijn wrote:
Suggestions:

- WS-Security added as normative reference in references section, and a [reference] to it added in 16

Consequently, when using WS-Security, signatures MUST include the semantically significant headers and the message body (as well as any other relevant data) MUST be signed so that they cannot be independently separated and re-used.


I would not consider this an editorial change though. The original text as stated does not require signing, only that when signed the signatures include the semantically significant headers and the message body. The rewording requires that messages MUST always be signed. In addition, having a MUST requirement with "any other relevant data" does not make sense to me (as it is not specific enough for a MUST).

Regards.
Prasad

Mehta, Vinkesh (US - Austin) wrote:
After reviewing Chapter 16. Security Considerations, I propose that we accept the Chapter with no changes.
 
thanks,
-Vinky
 

Vinkesh O. Mehta

Manager

Deloitte Consulting LLP

Tel: (or Direct:) +1 512 226 4261

Main: +1 512 691 2300

Fax: +1 512 480 1261

Mobile: + 1 512 750 2006

vmehta@deloitte.co

www.deloitte.com

400 West 15th Street, Suite 1700

Austin, TX 78701-1648

USA



