OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: questions on issues list and recent draft of core

Comments on core sent 1/12 5:57.

I am having trouble keeping up with all the revisions
but I made an attempt to understand how the
issues marked as closed actually were resolved. I wasn't able
to get through the whole list of issues, but I was able to identify
the following issues for which I have questions.


issue 13: Element ordering in security tag
    marked closed, although  lines 445 and lines 922 seem contradictory.
granted that the word "existing in line 923 does allow some latitude
WRT to possibly coming up with the correct interpretation.
The text at lines 856-857 is out of place, and adds additional confusion
wrt to the prepending rules. Issue 143 from the WSI BSP and the comments
from the W3C XMLP WG (issue 201) also cited lines 856-857 as being 

issue 62: versioning mechanism (pardon me if I miss understood the 
but it looks like we agreed to add a version attribute to STR, and that 
later we
switched to URI valuetypes, but it doesn;t seem like the valuetypes reflect
profile version. Did we loose track of the versioning issue? Is also 
seems like
issues 115 and 117 indicated a need for version info in valueTypes.

issue 173: "Examples use earlier versions of SOAP or early drafts of
SOAP 1.2. Pass thro examples. Editors to make examples consistent with 
SOAP 1.1"
how was this resolved?

issue 187 from the  W3C XMLP WG  and referring to "Two <wsse:Security> 
header blocks MUST NOT have the same value for S:role.", asked why  
can't a message contain multiple wsse:Security header blocks targetted 
at the same recipient, this seems like an uneccessary/arbitrary 
restriction? Did we answer this question?

issue 189 the W3C XMLP WG asked how must compliant implementations 
declare the profiles
they support? Did we answer this question?

issue 198, the W3C XMLP WG asked how section 6.4 qualifies as a framework?

issue 203 from the W3C XMLP WG asked whether "SOAP applications" is 
used in line 920, as this line is really talking about what a WSS 
implementation must do.
issue 217 from W3C XMLP WG asked if a password equivalent should be 
password equivalent should be contained in a wsse:PasswordText or  
wsse:PasswordDigest typed Password element. Did we answer this question?

The following issues are marked as pending, which may mean they are 
waiting feedback
from their submitter. I didn't see anything in the document that I could 
recognize as a
pending fix for these issues.

issue 183 commented on, "This document defines syntax and semantics of 
signatures within a <wsse:Security> element.  This document does not 
specify any signature appearing outside of a <wsse:Security> element. "; 
which remains awkward.

issue 207 from W3C XMLP WG - "Error handling: The specification should 
define the values of the Fault/Reason/Text, Fault/Code/Value and 
Fault/Code/Subcode/Value EIIs".

I stopped at issue 235

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]