OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] ISSUE 190: text for SOAP MustUnderstand issue


I'm fairly certain that I disagree.

The specification that defines the semantics for the qualified name 
is responsible for defining what it means to "understand" that element 
when carried
as a SOAP header block. It should not, and IMHO must not, abrogate that 
responsibility. I don't believe that you can leave it up to the 
application unless you
provide explicit guidance as to what its choices are in the WS-Security 
itself. If you define it in a separate profile, and that profile is not 
supported, exactly 
what is it about the contents of the wsse:Security header block that allow 
an implementation
to know what it may or may not safely ignore?


Christopher Ferris
STSM, Emerging e-business Industry Architecture
email: chrisfer@us.ibm.com
phone: +1 508 234 3624

Rich Salz <rsalz@datapower.com> wrote on 10/30/2003 11:53:02 AM:

> > I think that you DO need the language I proposed to define what it 
> > to "understand" a wsse:Security header block. Without it, there will 
> > rampant confusion.
> I believe that it's up to the application that uses WSS, and not WSS 
> itself.  I should have made that more explicit in my earlier message.
>    /r$
> -- 
> Rich Salz, Chief Security Architect
> DataPower Technology                           http://www.datapower.com
> XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
> XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]