
wss-comment message



Subject: Errors in WSS-Security specification and profiles


I have found the following errors in the specification and the
profiles of WS-Security:

1. WS-Security Core Specification 1.1:
Line 938: wsse:SecurityTokenReference element, a wsse:Embedded element, a
Should be: <wsse:SecurityTokenReference> element, a <wsse:Embedded>
element, a
Line 939: wsse:Reference element, or a wsse:KeyIdentifier element.
Should be: <wsse:Reference> element, or a <wsse:KeyIdentifier> element.
Line 980: The <wsse:KeyIdentifier> element SHALL is placed in the
Should be: The <wsse:KeyIdentifier> element SHALL be placed in the
Line 1765: <wsse11:EncryptedHeader> then process as per section 9.5.2
Decryption and stop
Should be: <wsse11:EncryptedHeader> then process as per section 9.4.2
Decryption and stop
Line 1769: 4. Decrypt the contents of the <xenc:EncryptedData> element
as per section 1769 ction 9.5.2
Should be: 4. Decrypt the contents of the <xenc:EncryptedData> element
as per section 1769 ction 9.4.2

2. SAML Token Profile 1.1
Table 1 Namespace Prefixes at Page 5:
The namespace for the prefix xenc should be
http://www.w3.org/2001/04/xmlenc#

3. SOAP Message with Attachments (SwA) Profile 1.1
The table between Line 162 and Line 163:
No namespaces for the prefixes xenc and ds are defined, however they are
referred to in the document.
Section 5.3:
All referred "Section 5.4.1" should be "Section 4.4.1"
All referred "Section 5.4.2" should be "Section 4.4.2"
The example between Line 519 and Line 566:
There should be an empty line between Line 521 and 522, and between Line
565 and 566
Line 617: Complete Reference Transform (Section 4.3.2) are to be
included in the encryption. If a header listed in
Should be: Complete Reference Transform (Section 5.3.2) are to be
included in the encryption. If a header listed in

4. X.509 Certificate Token Profile 1.1
Line 204: X.509 SubjectKeyIdentifier reference. A subject key identifier
may only be used to
May be: X.509 SubjectKeyIdentifier reference. A subject key identifier
MAY only be used to

Best regards,

Lijun Liao

-- 
Dipl.-Ing. Lijun Liao
Chair for Network and Data Security
Ruhr-Universitaet Bochum
D- 44780 Bochum

Dept. of Electr. Eng. Information Sciences
Building IC, Level 4, Room 147
Universitaetsstr. 150
Phone: (+49) (0)234 / 32 - 25199
Fax:   (+49) (0)234 / 32 - 14347
