Subject: Further comments on WSS 1.1 Username Token Profile
Here are some further comments on the WSS 1.1 Username Token Profile CD document[1].

Gudge

[1] http://www.oasis-open.org/committees/download.php/13394/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf

1. Line 306-307 - The parenthetical statement implies that the URI for the UsernameToken is http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-username-token-profile-1.1#UsernameToken and I think it should be http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken

2. Lines 358-359 - I can't tell how to serialize the Salt from this description. Is it xs:hexBinary? Why not xs:base64Binary?

3. Line 363 - Does 'a decimal value' mean that the type is xs:decimal? If so, that seems a little odd as that would allow 1234.5678 as a value. Why not xs:unsignedInteger?

4. Line 383 - If putting the password at the end was a good cryptographic practice (per lines 191-199) for computing a digest on Line 166, then why is the same practice not used here?