[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] ISSUE 190: text for SOAP MustUnderstand issue
I re-read 2.4, etc., of the SOAP 1.2 spec.
Is it possible to fully conform to any SOAP header that has an extension
point in its schema? The minute someone can put
<xs:any namespace="##other" processContents="lax"/>
it seems to me that the "mustUnderstand" requirements move up to the
application level.
> what is it about the contents of the wsse:Security header block that allow
> an implementation to know what it may or may not safely ignore?
A WS-Security header doesn't get spontaneously generated or processed;
it's created and used because of specific application needs. If you
follow the slippery slope of Jerry's questions, you are led to
conclusion that a receiver can ignore *everything* in a WS-Security
header. If it can ignore everything, what does it mean to understand
it? I believe that at this point, the concept of mustUnderstand becomes
so useless at the WS-Security level, that the only feasible thing to do
is leave it to the invoking application.
> STSM, Emerging e-business Industry Architecture
What's STSM?
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]