[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] ISSUE 190: text for SOAP MustUnderstand issue
Rich, I'm fairly certain that I disagree. The specification that defines the semantics for the qualified name wsse:Security is responsible for defining what it means to "understand" that element when carried as a SOAP header block. It should not, and IMHO must not, abrogate that responsibility. I don't believe that you can leave it up to the application unless you provide explicit guidance as to what its choices are in the WS-Security specification itself. If you define it in a separate profile, and that profile is not supported, exactly what is it about the contents of the wsse:Security header block that allow an implementation to know what it may or may not safely ignore? Cheers, Christopher Ferris STSM, Emerging e-business Industry Architecture email: chrisfer@us.ibm.com phone: +1 508 234 3624 Rich Salz <rsalz@datapower.com> wrote on 10/30/2003 11:53:02 AM: > > I think that you DO need the language I proposed to define what it means > > to "understand" a wsse:Security header block. Without it, there will be > > rampant confusion. > > I believe that it's up to the application that uses WSS, and not WSS > itself. I should have made that more explicit in my earlier message. > > /r$ > -- > Rich Salz, Chief Security Architect > DataPower Technology http://www.datapower.com > XS40 XML Security Gateway http://www.datapower.com/products/xs40.html > XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]