wss message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Interop Scenarios draft issues
- From: Jan Alexander <alex@systinet.com>
- To: "wss@lists.oasis-open.org" <wss@lists.oasis-open.org>
- Date: Tue, 20 May 2003 09:13:50 +0200
Title:
I've encountered several issues when reading interop scenarios draft
(wss-interop1-draft-03.doc):
1. The chapter 5 states "The Response Body is also
signed and encrypted, reversing the roles of the key pairs identified
by the certificates." But in section 5.3 General Message Flow,
there is "The Responder decrypts
the body and then verifies the signature. If no errors are detected it
returns the response without any security mechanisms." So does it
mean, that the response shouldn't be encrypted and signed ?
2. Section 5.4.3.5 speaks about Username token being contained in the
encrypted body of the SOAP message but to my understanding, there is no
Username token in the third scenario. The same applies for the section
5.5.3.6.
-Jan
--
Jan Alexander, Chief Architect
Systinet Corp. (formerly Idoox)
Dev. Corner (http://dev.systinet.com)
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]