OASIS Mailing List Archives


Subject: Re: [wss] Groups - oasis-0005-wss-username-token-profile-1.0.pdf modified


Hello, 

This comment is related to issue #169.

Line 146  including the username in the hash, ...
Line 148  including the domain name in the hash, ...
Line 150  including some indication of the intended receiver in the hash, ...

When using the wsse:PasswordDigest type (and Nonce/Created), the following
is a "MUST" and we can't include the username, domain name, and so on.
  Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )

Would it be better to include some words to say that a new password type is
required?

For example,
Current Line 143-145:
  Their use requires pre-arrangement (possibly in the form of a
  separately published profile) among the communicating parties to
  provide interoperability:

Change to:
  ... pre-arrangement (possibly in the form of a separately published
  profile which introduces new password type) ...

---
NISHIMURA Toshihiro (FAMILY Given)
nishimura.toshi@jp.fujitsu.com
XML/Web Services Technology Dept.,
STRATEGY AND TECHNOLOGY DIV., FUJITSU LIMITED
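
The interoperability point raised in the message, as an added example (not code from the specification or from the list): a receiver that applies the mandatory wsse:PasswordDigest formula rejects a digest that also covers the username and intended receiver, unless the token declares a separately agreed password type. The type name `example:PasswordDigestWithContext`, the extended formula and all sample values are hypothetical; raw nonce bytes and UTF-8 strings are assumed.

```python
import base64
import hashlib
import hmac

STANDARD = "wsse:PasswordDigest"                # type named in the message
EXTENDED = "example:PasswordDigestWithContext"  # hypothetical new password type
# Constructed sample values
NONCE, CREATED = bytes(range(16)), "2003-09-01T12:00:00Z"
USER, PASSWORD, RECEIVER = "alice", "correct horse", "https://service.example/"

def _b64sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def standard_digest(nonce: bytes, created: str, password: str) -> str:
    # Password_Digest = Base64(SHA-1(nonce + created + password))
    return _b64sha1(nonce + created.encode() + password.encode())

def extended_digest(nonce, created, password, username, receiver) -> str:
    # Hypothetical pre-arranged variant: username and receiver are
    # length-prefixed so field boundaries cannot shift between them.
    ctx = b"".join(len(v.encode()).to_bytes(2, "big") + v.encode()
                   for v in (username, receiver))
    return _b64sha1(ctx + nonce + created.encode() + password.encode())

def make_token(ptype, digest, username, nonce, created) -> dict:
    return {"type": ptype, "digest": digest, "username": username,
            "nonce": base64.b64encode(nonce).decode("ascii"), "created": created}

def verify(token: dict, password: str, receiver: str) -> bool:
    """Receiver side: recompute the digest for the declared password type."""
    nonce = base64.b64decode(token["nonce"])
    if token["type"] == STANDARD:
        expected = standard_digest(nonce, token["created"], password)
    elif token["type"] == EXTENDED:
        expected = extended_digest(nonce, token["created"], password,
                                   token["username"], receiver)
    else:
        return False  # unknown type: no agreed formula to check against
    return hmac.compare_digest(expected, token["digest"])
```
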

