[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Comments on WSS: SOAP Message Security
Anthony,
Here's are my comments on the latest draft that that you posted this morning.
#1: Lines 181-184: When will we figure out what to replace the "####"'s in the 2 namespaces? :)
#2: Line 293 (Figure line 002). SOAP namespace is declared as S11 but S:Envelope and S:Header is used. This is the same problem in MANY code examples.
#3: Line 326 (Figure line 026): xmlns:wsu needs to be defined somewhere.
#4: Line 335: replace "<Security>" with "<wsse:Security>"
#5: Line 428 and 429: "S:role" is in the wrong font.
#6: Lines 445-454: Need to define "xmlns:wsse" and "xmlns:S"
#7: Line 462: Shouldn't there be an entry for "/wsse:Security/@S:mustUnderstand"?
#8: Line 472: replace "RECCOMENDED" with "RECOMMENDED"
#9: Line 524: Should there be a /wsse:UsernameToken/Username/{any}?
#10: Line 540: Could we add a wsu:Id in the example?
#11: Line 536-547: Need to define xmlns:wsse, xmlns:wsu in the example.
#12: Line 586: Is there a "#HexBinary"??? If #Base64Binary is the default, what are the other options? :)
#13: Line 591: Should there be a /wsse:BinarySecurityToken/{any} as well
#14: Line 748: Is there a "#HexBinary"??? If #Base64Binary is the default, what are the other options? :)
#15: Line 752: Should there be a /wsse:SecurityTokenReference/KeyIdentifier/{any}?
#16: Line 780-795: Need to define "xmlns:wsse" and "xmlns:wsu" in the example.
#17: Line 808: Replace "RECOMMENED" with "RECOMMENDED"
#18: Line 808: Replace "KeyIdentifiers" with "<wsse:KeyIdentifier>'s"
#19: Line 810: Replace "<X509SubjectName>" with "<ds:X509SubjectName>"
#20: Line 823: Replace "SecurityTokenReference" with "<wsse:SecurityTokenReference>"
#21: Line 841: Add "[XMLSIG]" at the end of the line.
#22: Line 875: Change the font for xml:lang and xml:base to make it more readable.
#23: Line 886: Change the font for xsi:type to make it more readable. Also xsi is not defined in the table at line 193
#24: Line 948: *** BIGGIE *** - need to move away from schemas.xmlsoap.org and use the oasis namespace just like we do for wsse and wsu namespaces
#25: Line 973: Same as #24
#26: Line 1004: Same as #24
#27: Line 1007: Add "[XMLSIG]" to the end of the line
#28: Line 1011: Replace "ds:CanonicalizationMethod" with "<ds:CanonicalizationMethod>"
#29: Line 1016: Replace "wsse:TransformationParameters" with "<wsse:TransformationParameters>"
#30: Line 1016: *** BIGGIE *** - secext.xsd does not define "<wsse:TransformationParameters>" it does however define a TransformationProperties...????
#31: Line 1019: Replace "wsse:SecurityTokenReference" with "<wsse:SecurityTokenReference>"
#32: Line 1023: Replace "<wsse:BinarySecurityToke" with ""<wsse:BinarySecurityToken>"
#33: Line 1036: Add "[XMLSIG]" to the end of the line.
#34: Line 1052-1094: Need to define xmlns:wsse, xmlns:wsu and xmlns:ds
#35: Line 1110: Add "[XMLENC]" to the end of the line.
#36: Line 1128-1147: Need to define xmlns:wsse, xmlns:xenc and xmlns:ds
#37: Line 1161-1189: Need to define xmlns:wsse, xmlns:xenc and xmlns:ds
#38: Line 1161-1189: the text talks about a RefernenceList, should we enhance the sample to show how a ReferenceList would look like?
#39: Line 1199: Replace "<Security>" with "<wsse:Security>"
#40: Line 1210: Replace "<Security>" with "<wsse:Security>"
#41: Line 1212: Change the font for "<wsse:Security>"
#42: Line 1223: Replace "<SecurityTokenReference>" with "<wsse:SecurityTokenReference>"
#43: Line 1243: Replace "<ReferenceList>" with "<wsse:ReferenceList>"
#43: Line 1243: Replace "<EncryptedKey>" with "<wsse:EncryptedKey>"
#44: Line 1275: Change font for "<wsu:Timestamp>"
#45: Line 1278-1282: Should we add wsse:Nonce to the example? BTW, Where are Nonce's discussed in the spec? Appendix A just has wsu namespace stuff
#46: Line 1289: Replace "Timestamp" with "<wsu:Timestamp>"
#47: Line 1298: Replace "Timestamp" with "<wsu:Timestamp>"
#49: Line 1302: Change font for "<wsu:MessageExpired>"
#50: Line 1329-1343: Should we add wsse:Nonce to the example? BTW, Where are Nonce's discussed in the spec? Appendix A just has wsu namespace stuff
#51: Line 1350: Need to define xmlns:wsse, xmlns:wsu, xmlns:xenc and xmlns:ds
#52: Line 1456: Replace "(057)" with "(059)"
#53: Line 1458: Replace "(059)" with "(060)"
#54: Line 1480: Change font for "env:Sender" (should env be S12?)
#55: Line 1481: Replace "Texst" with "Text"
#56: Line 1579: Replace "<wsu:Ids>" with "<wsu:Id>'s"
#57: Line 1591: Replace "EncryptedKey" with "<xenc:EncryptedKey>"
#58: Line 1595: Change font for "wsu:Id" AND add angle brackets as well.
#59: Line 1598: "wsu:Id" -> "<wsu:Id>"
#60: Line 1600: dateTime -> "xsd:dateTime"?
#61: Line 1727: Table is missing for example "wsu:TimestampType" which is in the xsd file
Thanks,
dims
Davanum Srinivas
Computer Associates
Senior Architect, Web Services Group
Tel: +1 508 628 8251
davanum.srinivas@ca.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]