[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] Interop Scenario Descriptions - New Format
At 11:51 AM 4/18/2003, Hal Lockhart wrote: >I have taken over editing the Interop Scenario descriptions and have >invented a new, more detailed format. > >There is a lot of new material here. Please review it carefully. I am sure I >must have made some mistakes. > >Hal > I have some questions and comments. A. The document doesn't say anything about transport. It's my understanding that we've agreed on HTTP, but it doesn't say anything about what fields might be present. In particular it doesn't say anything about the SOAPAction field. We would like it to be stated that this field should be empty (is one issue we would like to resolve. Specifically we would like the SOAPAction header to be empty. B. There are several two places where something is said to be "an error" and there seems to be a requirement that the services detect these situations. Specifically invalid username/password combinations in secenario one and reuse of nonces in scenario 2. The requirement to detect nonce reuse seems a relatively significant one. In any event who is responsible for creating clients that will test whether the services detect these errors. C. You're using KeyIdentifier in Scenario #2 to identify the X509 certificate. I can understand the motivation for this, but I don't think the X509 profile allows it. I admit the X509 profile isn't completely clear about what is allowed, but the only mechanism it discusses is the use of a BinarySecurityToken and a direct reference. D. Scenario 2 doesn't say what algorithms should be used for the encryption of the UserNameToken. The example uses tripledes and Scenario 3 does specify tripledes, so I suspect this is just an oversight.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]