OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: New Issue - Timestamps addressed to self

Lines 1199-1202:

To preserve overall integrity of each <wsu:Timestamp> element, it is
strongly RECOMMENDED that each SOAP role only create or update the
appropriate <wsu:Timestamp> element destined to itself (that is, a
<wsse:Security> header whose actor/role is itself) and no
other<wsu:Timestamp> element.

This does not appear to make sense. Why would a software component timestamp
a header addressed to itself?

I cannot see what was intended here. A sender should generally sign any
timestamps is creates. Once signed (along with other message elements) it
cannot be modified without invalidating the signature.  suggest we simply
drop this sentence.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]