[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: New Issue - Timestamps addressed to self
Lines 1199-1202: ----- To preserve overall integrity of each <wsu:Timestamp> element, it is strongly RECOMMENDED that each SOAP role only create or update the appropriate <wsu:Timestamp> element destined to itself (that is, a <wsse:Security> header whose actor/role is itself) and no other<wsu:Timestamp> element. ---- This does not appear to make sense. Why would a software component timestamp a header addressed to itself? I cannot see what was intended here. A sender should generally sign any timestamps is creates. Once signed (along with other message elements) it cannot be modified without invalidating the signature. suggest we simply drop this sentence. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]