OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Interop Scenarios draft issues

I've encountered several issues when reading interop scenarios draft (wss-interop1-draft-03.doc):

1. The chapter 5 states "The Response Body is also signed and encrypted, reversing the roles of the key pairs identified by the certificates." But in section 5.3 General Message Flow, there is "The Responder decrypts the body and then verifies the signature. If no errors are detected it returns the response without any security mechanisms." So does it mean, that the response shouldn't be encrypted and signed ?

2. Section speaks about Username token being contained in the encrypted body of the SOAP message but to my understanding, there is no Username token in the third scenario. The same applies for the section

Jan Alexander, Chief Architect
Systinet Corp. (formerly Idoox)
Dev. Corner (http://dev.systinet.com)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]