Subject: Paragraph to explain password equivalence

On the conference call last week I took an action item to propose a 
paragraph explaining that there are common security environments in which 
the digested UsernameToken cannot be used. Here is the proposed paragraph. 
I propose to add it at line 104 of version 4.

In many security environments, passwords or password equivalents are not
available. For example, the stored value might be a digest of the password
plus a salt. Even if the server stores a digested form that the consumer
could compute, the security policy might prohibit use of the digested form
as a password equivalent. In such environments, wsse:PasswordDigest cannot
be used.
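
The three situations the proposed paragraph describes, as an added example that is not part of the original message. It uses the UsernameToken digest computation Base64(SHA-1(nonce + created + password)); the PBKDF2 salted store, the function names and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def password_digest(nonce: bytes, created: str, secret: bytes) -> str:
    """wsse:PasswordDigest value: Base64(SHA-1(nonce + created + secret))."""
    raw = hashlib.sha1(nonce + created.encode("utf-8") + secret).digest()
    return base64.b64encode(raw).decode("ascii")


def verify(nonce: bytes, created: str, received: str, secret: bytes) -> bool:
    """Server side: recompute the digest from whatever secret the server holds."""
    expected = password_digest(nonce, created, secret)
    return hmac.compare_digest(expected, received)


def salted_record(password: bytes, salt: bytes) -> bytes:
    """Hypothetical salted password store (PBKDF2-HMAC-SHA256), an assumption."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def demo():
    password = b"constructed-sample-password"  # constructed sample value
    nonce, created = os.urandom(16), "2003-01-01T00:00:00Z"  # constructed
    token = password_digest(nonce, created, password)  # what the consumer sends

    # 1. Server holds the cleartext password: it can recompute and verify.
    cleartext_ok = verify(nonce, created, token, password)

    # 2. Server holds only a salted digest: the password cannot be recovered
    #    from it, so the digest the consumer sent cannot be recomputed.
    record = salted_record(password, os.urandom(16))
    salted_ok = verify(nonce, created, token, record)

    # 3. Both sides use an unsalted SHA-1(password) the consumer can compute.
    #    Verification works, but the stored value alone is now enough to build
    #    a valid token, which is what makes it a password equivalent.
    stored = hashlib.sha1(password).digest()
    token_from_stored = password_digest(nonce, created, stored)
    equivalent_ok = verify(nonce, created, token_from_stored, stored)

    return cleartext_ok, salted_ok, equivalent_ok


if __name__ == "__main__":
    print(demo())
```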
