Subject: [wss] Comments on WSS-Core-01
(1) The discussion in this document assumes the messaging model described in [SOAP-Messaging]. It would be helpful to cite this early in the draft (for example, the document makes use of the concept of "role" as found in [SOAP-Messaging] in an essential way).

(2) lines 250 - 255 (Example lines 5 - 10) are not secured in any way. If the intention here is to use the timestamp and nonce to prevent a replay attack (suggestion on lines 1422 - 1424) then this needs to be stated in the discussion. It would also be helpful to readers to include a signature over the <wsse:UsernameToken> element (perhaps an additional element can be added to the signature references on lines 258 - 271). In its absence, the use of an unsecured <wsse:UsernameToken> was confusing to me.

(3) line 374: "should be prepended" --> "SHOULD be prepended"

(4) lines 733 - 735: I could not follow the point made here at all.

(5) Does Section 9.3 depend upon [SOAP-attachments]? If so, it should be cited here. If there is some other model assumed for attachments, it should be explained here.

(6) line 1016: "Section 4.5.3" ---> "Section 9.3"

(7) lines 1139 - 1141: Is the intent here that a SOAP node acting in a particular role should create or update the appropriate <wsu:Timestamp> element directed to itself? If so, perhaps that could be stated directly.

(8) line 1225: reference to role's send time. But no such attribute or element is defined in the specification.

--------

[SOAP-Messaging] http://www.w3.org/TR/2002/WD-soap12-part1-20020626/

[SOAP-attachments] http://www.w3.org/TR/2002/WD-soap12-part1-20020626/

------------------

- prateek mishra