[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Interop Scenarios draft issues
> I've encountered several issues when reading interop scenarios > draft (wss-interop1-draft-03.doc): Good catches. Cut and paste errors. I will fix them in the next version. > 1. The chapter 5 states "The Response Body is also signed and > encrypted, reversing the roles of the key pairs identified by the > certificates." But in section 5.3 General Message Flow, there is > "The Responder decrypts the body and then verifies the signature. > If no errors are detected it returns the response without any > security mechanisms." So does it mean, that the response > shouldn't be encrypted and signed ? I will change the last sentence to read: "If no errors are detected it returns the response signing and encrypting the message body. The roles of the key pairs are reversed from that of the request, using the signing key to encrypt and the encryption key to sign." > 2. Section 5.4.3.5 speaks about Username token being contained in > the encrypted body of the SOAP message but to my understanding, > there is no Username token in the third scenario. The same > applies for the section 5.5.3.6. I will change "UsernameToken" to "message body" in both places. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]