Subject: Paragraph to explain password equivalence
On the conference call last week I took an action item to propose a paragraph explaining that there are common security environments in which the digested UsernameToken cannot be used. Here is the proposed paragraph. I propose to add it at line 104 of version 4.

===============

In many security environments passwords or password equivalents are not available. For example, the stored value might be a digest of the password plus a salt. Even if the server stores a digested form that the consumer could compute, the security policy might prohibit use of the digested form as a password equivalent. In such environments wsse:PasswordDigest cannot be used.
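The following is an added example, not part of the original message or of the specification draft. It shows both cases the proposed paragraph describes, using the UsernameToken Profile formula Base64(SHA-1(nonce + created + password)); the SHA-256 salted store, the function names and all sample values are constructed assumptions.

```python
import base64
import hashlib
import hmac

def password_digest(nonce: bytes, created: str, secret: bytes) -> str:
    """wsse:PasswordDigest value: Base64(SHA-1(nonce + created + secret))."""
    raw = hashlib.sha1(nonce + created.encode() + secret).digest()
    return base64.b64encode(raw).decode()

def salted_hash(salt: bytes, password: bytes) -> bytes:
    """Assumed storage scheme standing in for any salted one-way store."""
    return hashlib.sha256(salt + password).digest()

def verify_digest(token: dict, server_secret: bytes) -> bool:
    """Server side: recompute the digest from whatever value the server holds."""
    expected = password_digest(token["nonce"], token["created"], server_secret)
    return hmac.compare_digest(expected, token["digest"])

def make_token(secret: bytes) -> dict:
    """Consumer side: build a digested UsernameToken (constructed nonce/timestamp)."""
    nonce, created = b"\x01" * 16, "2003-01-01T00:00:00Z"
    return {"nonce": nonce, "created": created,
            "digest": password_digest(nonce, created, secret)}

def demo() -> dict:
    password = b"correct horse"   # constructed sample password
    salt = b"\x02" * 16           # constructed salt, known only to the server
    stored_salted = salted_hash(salt, password)
    token = make_token(password)
    # Case 2 of the paragraph: server stores an unsalted digest that the
    # consumer can also compute and then uses in place of the password.
    stored_equiv = hashlib.sha1(password).digest()
    token_equiv = make_token(stored_equiv)
    return {
        # A server holding the cleartext can check the digest.
        "cleartext_store_verifies_digest": verify_digest(token, password),
        # A server holding only salt + hash cannot recompute it.
        "salted_store_verifies_digest": verify_digest(token, stored_salted),
        # The same salted store can still check a password sent as text.
        "salted_store_verifies_text": hmac.compare_digest(
            salted_hash(salt, password), stored_salted),
        # The stored value alone authenticates: it is a password equivalent.
        "stored_equivalent_verifies_digest": verify_digest(token_equiv, stored_equiv),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last result is the reason a policy may forbid the digested form: whoever holds the stored value can produce valid tokens without ever knowing the password.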