wss message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [wss] questions and comments on WSS Core
- From: Konstantin Beznosov <konstantin.beznosov@quadrasis.com>
- To: wss@lists.oasis-open.org
- Date: Mon, 21 Oct 2002 16:45:08 -0400
Here are some questions and comments I got after reading the core. I tried
to drop those other people had reported already.
- lines 193-195: Where does the threat of replay attacks belong to? To
the first or the second group?
- line 238: Since this is a normative text, how "inappropriate claims"
is defined here?
- lines 251-255: Since the UrenameToken element does not have password
digest, what is the purpose of the Nonce and Created elements here?
- paragraphs in lines 535-537 and 538-540 repeat each other and one of
them needs to be eliminated.
- line 1016: what specification's section 4.5.3 does it refer to? The
above text implies XML Encryption. It should be explicit.
- line 1155: the meaning of "materially" is unclear.
- lines 1430, 1431: The clause "these elements be included in the signature"
is unclear. What does "included in the signature" mean? Should they be signed?
Grammar:
- lines 357 and 358: "whose" should be replaced with "which"
- lines 402, 497, 767, 954, 1132, 1192, 1224: incorrect grammar
- line 585: replace "principals" with "principles"
- line 676: what is "consant"?
- The sentence spanning lines 1112 and 1113 has an incomplete independent
clause.
Konstantin
--
___________________________________________________________
Konstantin Beznosov Security Architect
Quadrasis -- We Unify Security http://www.quadrasis.com
Hitachi Computer Products (America), Inc.
konstantin.beznosov@quadrasis.com
http://www.beznosov.net/konstantin
1601 Trapelo Road Phone: 781 768 5840
Waltham, MA 02451 Fax: 781 890 4998
___________________________________________________________
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC