[wss] inconsistent token prepending "rules"

[ronald monzillo <ronald.monzillo@sun.com>]

In section 9 of the core it states

954: "When a sender or an intermediary encrypts portion(s) of a SOAP 
message using XML Encryption they MUST prepend a sub-element to the 
<wsse:Security> header block."

This as a rule since it uses the word MUST.

In section 5 of the core its states:

419: As elements are added to the <wsse:Security> header block, they 
SHOULD be prepended to the existing elements. As such, the 
<wsse:Security> header block represents the signing and encryption steps 
the message sender took to create the message. This prepending rule 
ensures that the receiving application MAY process sub-elements in the 
order they appear in the

despite the phrase "this prepending rule", This as a
"prepending recommendation" due to the use of the word SHOULD. There is
a similar recommendation in section 8.2.

My questions:

is there a good reason why prepending is a rule in the case of 
encryption and a recommendation in the case of signature?

Should they both be recommendations? rules?

If the recommendation form is appropriate for the signature case, then
we should refer to prepending in that context as a recommendation not a 
rule.

The SAML profile defers to this stuff and related stuff (as "token 
inclusion rules") thus teh questions.

Ron


----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>