[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] ISSUE 190: text for SOAP MustUnderstand issue
I re-read 2.4, etc., of the SOAP 1.2 spec. Is it possible to fully conform to any SOAP header that has an extension point in its schema? The minute someone can put <xs:any namespace="##other" processContents="lax"/> it seems to me that the "mustUnderstand" requirements move up to the application level. > what is it about the contents of the wsse:Security header block that allow > an implementation to know what it may or may not safely ignore? A WS-Security header doesn't get spontaneously generated or processed; it's created and used because of specific application needs. If you follow the slippery slope of Jerry's questions, you are led to conclusion that a receiver can ignore *everything* in a WS-Security header. If it can ignore everything, what does it mean to understand it? I believe that at this point, the concept of mustUnderstand becomes so useless at the WS-Security level, that the only feasible thing to do is leave it to the invoking application. > STSM, Emerging e-business Industry Architecture What's STSM? /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]