[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Comments on oasis-0005-wss-username-token-profile-1[1].0.pdf
|
Anthony, All – Regarding an
example with intermediate values for the Username Token profile, I think that
at the very least the example XML fragment should contain correct values. That
is, in the example starting on line 211 the text of the <wsse:Password> element should be the “right
answer”, e.g. the encoded SHA-1 hash of the Nonce+Creation
time. Right now the
value doesn’t correctly compute, but it ‘looks’ correct. I
think we should either (a) truncate the <wsse:Password> element content, so at least we
acknowledge the answer is wrong, or (b) put the right answer there. I’ve
already done the computation on my last post, so if someone wants to check it
over, we can just use my result. I used the same intermediate values as used in
the example. Also, what about
the hardwiring of SHA-1 for the digest method? Should we provide an
extensibility point here? Regards, Blake
Dournaee Senior
Security Architect Sarvega,
Inc. http://www.sarvega.com -----Original Message----- Blake, thanks |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]