wss-comment message



Subject: Further comments on WSS 1.1 Username Token Profile


Here are some further comments on the WSS 1.1 Username Token Profile CD
document[1].

Gudge

[1] http://www.oasis-open.org/committees/download.php/13394/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf

1.	Lines 306-307 - The parenthetical statement implies that the URI
for the UsernameToken is
http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-username-token-profile-1.1#UsernameToken
and I think it should be
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken

2.	Lines 358-359 - I can't tell how to serialize the Salt from this
description. Is it xs:hexBinary? Why not xs:base64Binary?

3.	Line 363 - Does 'a decimal value' mean that the type is
xs:decimal? If so, that seems a little odd as that would allow 1234.5678
as a value. Why not xs:unsignedInteger?

4.	Line 383 - If putting the password at the end was a good
cryptographic practice (per lines 191-199) for computing a digest on
Line 166, then why is the same practice not used here?

