OASIS Mailing List Archives

Subject: [wss] Comments on WSS-Core-01

(1) The discussion in this document assumes the messaging model described in
[SOAP-Messaging]. It would be helpful to cite this early in the draft (for
example, the document makes use of the concept of "role" as found in
[SOAP-Messaging] in an essential way).

(2) lines 250 - 255 (Example lines 5 - 10) are not secured in any way. If the
intention here is to use the timestamp and nonce to prevent a replay attack
(suggestion on lines 1422 - 1424) then this needs to be stated in the

It would also be helpful to readers to include a signature over the
<wsse:UsernameToken> element (perhaps an additional element can be added to the
signature references on lines 258 - 271). In its absence, the use of an
unsecured <wsse:UsernameToken> was confusing to me.

(3) lines 374: "should be prepended" --> "SHOULD be prepended"

(4) lines 733 - 735: I could not follow the point made here at all. 

(5) Does Section 9.3 depend upon [SOAP-attachments]? If so, it should be
cited here. If there is some other model assumed for attachments, it should
be explained here.

(6) lines 1016: "Section 4.5.3" ---> "Section 9.3"

(7) lines 1139 - 1141: Is the intent here that a SOAP node acting in a
particular role should create or update the appropriate <wsu:Timestamp>
element directed to itself? If so, perhaps that could be stated directly. 

(8) lines 1225: reference to role's send time. But no such attribute or
element is defined in the specification.

- prateek mishra
