Subject: [wss] ISSUE: S:mustUnderstand
- From: Eric Gravengaard <eric@reactivity.com>
- To: "[wss oasis] (E-mail)" <wss@lists.oasis-open.org>
- Date: Mon, 03 Mar 2003 11:19:57 -0800
On line 434 of draft 10-0223-merged the example uses the attribute S:mustUnderstand. I believe that the use of this header must be clarified. On line 454, the spec states that "all compliant implementations MUST declare which profiles they support and MUST be able to process a <wsse:Security> element and any sub-elements which may be defined by that profile."
1) Does this mean that the recipient MUST respond with FAULT if any sub-element of <wsse:Security> is not able to be processed? I believe it does, but this could be interpreted otherwise. I believe the spec should be clarified to include a normative description of what must be understood. Further, the spec only defines two types of unsupported FAULT codes: UnsupportedSecurityToken and UnsupportedAlgorithm, neither of which may apply if a non-Token sub-element is present.
2) What namespace must the "mustUnderstand" attribute be in? Should it be only in the SOAP-ENV 1.2 namespace? Making the header inappropriate for SOAP 1.1 envelopes? Or should the specification require that the namespace for mustUnderstand match that of the enveloping <Header>? Then the attribute itself could be assumed to be understood in any context, including future versions of the SOAP specification.
3) Why is there a wsu:mustUnderstand attribute defined in the wsu namespace? I don't see any reference to it anywhere in the specification yet it is defined in one of the outputs of the committee. What is its use in this spec, in other specs, or to the greater roadmap? We should either define this or eliminate it.
4) Where or how MUST all compliant implementations declare their support for profiles? Is this intended to mean that our respective companies MUST issue press releases or that all packaging of secure web services software MUST have a label on it that declares the support for a specific profile?
5) Finally, on a grammatical note, there is confusion in the sentence I quoted above between "which profiles" and "that profile". This should probably be "which profiles" and "those profiles".
-Eric
Eric Gravengaard
Reactivity
617-256-0328 (mobile)
650-551-7891 (office)
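An added example, not part of the original message or of the WSS draft: a receiver-side check that implements one possible reading of question 2, where mustUnderstand is honoured only when it is in the same namespace as the enclosing SOAP envelope, and same-named attributes in other namespaces (the case in question 3) are reported rather than honoured. The function names and the `urn:example:` namespace URIs for wsse and wsu are placeholders chosen here; the sample envelopes are constructed.

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
# Placeholder namespace URIs (assumptions): substitute the URIs from the draft.
WSSE = "urn:example:wsse"
WSU = "urn:example:wsu"
# Lexical values meaning "true" for mustUnderstand in each SOAP version.
TRUE_VALUES = {SOAP11: {"1"}, SOAP12: {"1", "true"}}


def split_name(name):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if name.startswith("{"):
        ns, local = name[1:].split("}", 1)
        return ns, local
    return "", name


def check_security_header(envelope_xml):
    """Report how mustUnderstand on wsse:Security relates to the envelope."""
    root = ET.fromstring(envelope_xml)
    env_ns, local = split_name(root.tag)
    if local != "Envelope" or env_ns not in TRUE_VALUES:
        raise ValueError("not a SOAP 1.1 or 1.2 envelope")
    security = root.find(f"{{{env_ns}}}Header/{{{WSSE}}}Security")
    if security is None:
        return {"must_understand": False, "foreign": []}
    # Only an attribute in the envelope's own namespace is binding.
    value = security.get(f"{{{env_ns}}}mustUnderstand")
    # Same-named attributes in any other namespace are reported, not honoured.
    foreign = sorted(ns for ns, local in map(split_name, security.attrib)
                     if local == "mustUnderstand" and ns != env_ns)
    return {"must_understand": value in TRUE_VALUES[env_ns], "foreign": foreign}


def sample(env_ns, attr_ns, value):
    """Build a constructed test envelope (not taken from the draft)."""
    return (f'<S:Envelope xmlns:S="{env_ns}" xmlns:a="{attr_ns}" '
            f'xmlns:wsse="{WSSE}"><S:Header>'
            f'<wsse:Security a:mustUnderstand="{value}"/>'
            f'</S:Header><S:Body/></S:Envelope>')


if __name__ == "__main__":
    for env, attr in [(SOAP11, SOAP11), (SOAP11, SOAP12), (SOAP12, WSU)]:
        print(check_security_header(sample(env, attr, "1")))
```

A receiver that gets a non-empty `foreign` list has found a sender and receiver disagreeing about which attribute is binding, which is the ambiguity the message asks the specification to resolve.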