[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] HMAC Key Derivation in UsernameToken Profile Issue
All, This comment by Srinivas echoes my
sentiments exactly. We should say something about key derivation for the
Username Profile, even if it is to say that it is specified elsewhere. Not all
developers may be familiar with the WS-I BSP at first and this issue is a major
interoperability stumbling block if left open. Senior
Security Architect Sarvega,
Inc. -----Original Message----- Anthony,
Team, My 2
cents...We should address this issue in WSS-TC as there is already a precedent
(WSE 2.0 Tech Preview) and is one of the first stumbling blocks a customer
would face when doing an interop. A customer will find that 2 toolkits claiming
to support the same version of the WSS spec and profiles from OASIS will
NOT work out of the box and the customer will find out that he needs to request
information from the Vendors about not just WSS spec compliance, but also WS-I
BSP compliance which will reduce the importance of this spec. thanks, dims PS:
FYI, i ran into this in may of last year, see attached email on how difficult
it was to get details if the spec is not complete. From: Anthony
Nadalin [mailto:drsecure@us.ibm.com] > What do others think? I still feel strongly that
this issue is a bane on interoperability for the Username Token profile. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]