[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] SwA profile Issue 364 action for TC members
> I think I have to disagree with your definition of the division
> of responsibility between the OASIS TC and the WS-I BSP WG. In fact
> there are lots and lots of places where the OASIS WSS specifications
> say you MUST do something. And there are several places where even
> WS-I has decided to not enforce a MUST.
Okay. I'm guilty of overstating to make a point.
> Are you proposing this should be an SwA extensibility point?
> If so what are the alternate choices?
I don't know if it meets the formal definition of an extensibility
point. (To me, the informal definition is the schema has ##any.)
As for the alternatives, I don't know what to say beyond this:
http://lists.oasis-open.org/archives/wss/200505/msg00008.html
If c14n is mandatory, what happens when I want to sign a subset of
the attached XML, do I have to do c14n/xpath/c14n? Do we require
that the c14n step be the last transform? What if I need the STR
transform or the decryption transform and the result isn't XML?
Why pay the cost of c14n?
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]