Subject: RE: [wss] ISSUE 190: text for SOAP MustUnderstand issue
> From: David Orchard [mailto:dorchard@bea.com]
>
> If I understand B) correctly, a targeted security receiver
> of a mandatory security header could have a security policy
> which says "do not generate a fault under any situation,
> including not understanding wss specification elements"?
>

Yes, that is my understanding of the will of the TC. The rough idea is that if the receiver has a (presumably low-value) resource that can be accessed no matter what the security properties of the request, the sender can't force the receiver to care what's in the wsse:Security.

- irving -

> > -----Original Message-----
> > From: Reid, Irving [mailto:irving.reid@hp.com]
> > Sent: Wednesday, December 03, 2003 11:10 AM
> > To: David Orchard; wss@lists.oasis-open.org
> > Subject: RE: [wss] ISSUE 190: text for SOAP MustUnderstand issue
> >
> >
> > This was an earlier attempt. The new text (which I intend to
> > get out by the end of the week) will say something like:
> >
> > A) The receiver must implement the WS-Security specification
> > B) If any element within the wsse:Security header is not
> > understood or implemented by the receiver, whether that
> > element is part of the WSS specification or is an extension,
> > the decision about whether to generate a fault is based on
> > the receiver's security policy
> >
> > So, the short answers to your questions are "no" and "no". By
> > my understanding of the discussion around this issue, the TC
> > has decided not to give the sender control over how its
> > message is interpreted through any sort of internal
> > criticality flags.
> >
> > - irving -
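
The receiver-side decision described in B) above, sketched as an added example that is not part of the original thread or of any WSS implementation. The understood-element set, the policy table, the resource paths and the `x:CustomAssertion` extension with its `critical` attribute are all hypothetical; the wsse namespace URI is the one from the published WSS 1.0 schema.

```python
import xml.etree.ElementTree as ET  # a production receiver would use a hardened XML parser

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"s": SOAP, "wsse": WSSE}

# Hypothetical: the wsse:Security children this receiver implements.
UNDERSTOOD = {f"{{{WSSE}}}UsernameToken", f"{{{WSSE}}}BinarySecurityToken",
              f"{{{DS}}}Signature"}

# Hypothetical receiver policy: resource -> fault on elements not understood?
POLICY = {"/public/status": False, "/accounts/transfer": True}


def not_understood(envelope_xml):
    """Return the tags of wsse:Security children the receiver does not implement."""
    root = ET.fromstring(envelope_xml)
    unknown = []
    for sec in root.findall("s:Header/wsse:Security", NS):
        unknown += [child.tag for child in sec if child.tag not in UNDERSTOOD]
    return unknown


def decide(envelope_xml, resource):
    """Rule B: the receiver's policy, not the sender, decides whether to fault."""
    unknown = not_understood(envelope_xml)
    # Resources missing from the policy table fail closed.
    if unknown and POLICY.get(resource, True):
        return ("fault", unknown)
    return ("process", unknown)


# Constructed sample: one understood token plus an unknown extension whose
# sender-set "critical" attribute has no effect on the receiver's decision.
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}"
    xmlns:x="urn:example:ext">
  <s:Header>
    <wsse:Security s:mustUnderstand="1">
      <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
      <x:CustomAssertion critical="true"/>
    </wsse:Security>
  </s:Header>
  <s:Body/>
</s:Envelope>"""

if __name__ == "__main__":
    for res in POLICY:
        print(res, decide(SAMPLE, res))
```

The same message is processed for the low-value resource and faulted for the high-value one, which is the outcome the thread describes: the sender cannot force either result.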