OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] ISSUE 190: text for SOAP MustUnderstand issue

I re-read 2.4, etc., of the SOAP 1.2 spec.

Is it possible to fully conform to any SOAP header that has an extension 
point in its schema?  The minute someone can put
    <xs:any namespace="##other" processContents="lax"/>
it seems to me that the "mustUnderstand" requirements move up to the 
application level.

> what is it about the contents of the wsse:Security header block that allow 
> an implementation to know what it may or may not safely ignore?

A WS-Security header doesn't get spontaneously generated or processed; 
it's created and used because of specific application needs.  If you 
follow the slippery slope of Jerry's questions, you are led to 
conclusion that a receiver can ignore *everything* in a WS-Security 
header.  If it can ignore everything, what does it mean to understand 
it?  I believe that at this point, the concept of mustUnderstand becomes 
so useless at the WS-Security level, that the only feasible thing to do 
is leave it to the invoking application.

> STSM, Emerging e-business Industry Architecture

What's STSM?

Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]