[wss] questions and comments on WSS Core

[Konstantin Beznosov <konstantin.beznosov@quadrasis.com>]

Here are some questions and comments I got after reading the core. I tried
to drop those other people had reported already.

1. lines 193-195: Where does the threat of replay attacks belong to? To the first or the second group?
2. line 238: Since this is a normative text, how "inappropriate claims" is defined here?
3. lines 251-255: Since the UrenameToken element does not have password digest, what is the purpose of the Nonce and Created elements here? 
4. paragraphs in lines 535-537 and 538-540 repeat each other and one of them needs to be eliminated.
5. line 1016: what specification's section 4.5.3 does it refer to? The above text implies XML Encryption. It should be explicit.
6. line 1155: the meaning of "materially" is unclear.
7. lines 1430, 1431: The clause "these elements be included in the signature" is unclear. What does "included in the signature" mean? Should they be signed?
   

Grammar:

1. lines 357 and 358: "whose" should be replaced with "which"
2. lines 402, 497, 767, 954, 1132, 1192, 1224: incorrect grammar
3. line 585: replace "principals" with "principles"
4. line 676: what is "consant"?
5. The sentence spanning lines 1112 and 1113 has an incomplete independent clause.
   

Konstantin
-- 
___________________________________________________________
 Konstantin Beznosov                     Security Architect
 Quadrasis -- We Unify Security    http://www.quadrasis.com
 Hitachi Computer Products (America), Inc.
 
 konstantin.beznosov@quadrasis.com
 http://www.beznosov.net/konstantin 
 
 1601 Trapelo Road                  Phone:  781 768 5840
 Waltham, MA 02451                  Fax:    781 890 4998
___________________________________________________________