OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] Updated Interop Scenarios

Hello,

Here are my comments on interop draft-04.

- Lnes 320, 509 and 653: Each <xenc:EncryptedKey> element has
  "http://www.w3.org/2001/04/xmlenc#EncryptedKey" Type attribute.
  This value is the identifier for the <xenc:EncryptedKey> element
  itself and I think we don't need (should not?) specify it as a Type
  of a <xenc:EncryptedKey> element.

  From the "XML Encryption Syntax and Processing":
| 3.5.1 The EncryptedKey Element
| Identifer 
|   Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" 
| (This can be used within a ds:RetrievalMethod element to identify the
| referent's type.)
| <snip>
| The Type attribute inheritted from EncryptedType can be used to
| further specify the type of the encrypted key if the EncryptionMethod
| Algorithm does not define a unambiguous encoding/representation. 


- Line 314: <xenc:EncryptionMethod> doesn't have the beggining "<".


- Lines 617-619:
| This section describes the processing performed by the Responder. If
| an error is detected, the Responder MUST cease processing the message
| and issue a Fault with a value of FailedAuthentication.

  Second message is received and processed by Requester. If an error
  is detected, what shoud Requester do? I guess just to show error
  message to the operator or write to a log file.


- Lines 532 and 671: The value of the Algorithm attribute of the
  <CanonicalizationMethod> element is not quoted (from draft-04).


- Lnes 381-382: The plus/minus signs must be synchronized with
  lines 298-299.


- Lines 465, 607 and etc.: Though "The Body MUST be first signed and
  then encrypted", <Ping> or <PingResponse> element is encrypted in
  the examples in sections 5.4.4 and 5.5.4.
  What do we want to do?
  - Encrypt the <soap:Body> element (as the sentenses).
  - Encrypt the <Ping> element or <PingResponse> element in the
    <soap:Body> element (as the examples).
  - Encrypt the contents of the <soap:Body> element.
    In this case, the Type attribute of the <EncrypteData> element
    would be "#Content".


---
Toshi

---
NISHIMURA Toshihiro (FAMILY Given)
nishimura.toshi@jp.fujitsu.com
XML Application Technology Dept., PROJECT-A XML, FUJITSU LIMITED

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]