
Subject: Re: [wss] Issue 389: Detection of Duplicate IDs


Is it not sufficient to say something like the following?

The wsse:Security processing MUST generate a fault if it employs any id
attribute in its processing for which there are multiple elements within
the message that share the same id attribute name and value.

Michael McIntosh wrote:

> Since every WSS implementation, regardless of what STs it supports, must 
> know that wsu:Id, xenc:*/ID, and ds:*/ID attributes are of ID type, the WSS 
> Core can say:
> The wsse:Security processing MUST check for duplicate values from among 
> the set of wsu:Id, xenc:*/ID, and ds:*/ID attributes.
> 
> The SAML Token Profile can say:
> The wsse:Security processing MUST check for duplicate values from among 
> the set of wsu:Id, saml:AssertionID, xenc:*/ID, and ds:*/ID attributes.
> 
> Since we'd like the WSS processing to also check any other ID values too, 
> the WSS Core can say:
> The wsse:Security processing SHOULD check for duplicate values from among 
> the set of ID attributes that it is aware of. 
> The wsse:Security processing MUST generate a fault if a duplicate ID value 
> is detected.
> 
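
The two wordings above differ in scope. This added example (not part of the original thread; Python, with hypothetical function names and a constructed sample message) makes that concrete: the quoted rule flags any repeated value across the known ID attributes, while the reply's rule, read literally, flags only ids the processing uses that repeat under the same attribute name.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace

class SecurityFault(Exception):
    """Stand-in for the fault the wsse:Security processing generates."""

def id_attributes(root):
    """Yield (attribute name, value) for every ID attribute this processor knows."""
    for el in root.iter():
        ns = el.tag[1:].partition("}")[0] if el.tag.startswith("{") else ""
        if f"{{{WSU}}}Id" in el.attrib:
            yield "wsu:Id", el.attrib[f"{{{WSU}}}Id"]
        # The ds and xenc schemas spell their unqualified ID attribute "Id".
        if ns in (DS, XENC) and "Id" in el.attrib:
            yield "Id", el.attrib["Id"]
        if el.tag == f"{{{SAML}}}Assertion" and "AssertionID" in el.attrib:
            yield "AssertionID", el.attrib["AssertionID"]

def duplicates_in_set(root):
    """Quoted proposal: a value that occurs more than once anywhere in the set."""
    seen = defaultdict(list)
    for name, value in id_attributes(root):
        seen[value].append(name)
    return {v: names for v, names in seen.items() if len(names) > 1}

def duplicates_used(root, used_ids):
    """Reply's wording: only ids the processing employs, same name and value."""
    counts = Counter(nv for nv in id_attributes(root) if nv[1] in used_ids)
    return {nv: c for nv, c in counts.items() if c > 1}

def enforce(findings):
    """Both proposals end the same way: a duplicate means a fault."""
    if findings:
        raise SecurityFault(f"duplicate ID detected: {findings}")

# Constructed sample: "ts" repeats under two attribute names, "body" under one.
SAMPLE = ET.fromstring(f"""<e:Envelope xmlns:wsu="{WSU}" xmlns:ds="{DS}"
    xmlns:e="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ex="urn:example">
  <e:Header><wsu:Timestamp wsu:Id="ts"/><ds:Signature Id="ts"/>
    <ex:Note wsu:Id="body"/></e:Header>
  <e:Body wsu:Id="body"/>
</e:Envelope>""")
```

On the sample, the quoted rule reports both "ts" and "body", while the reply's rule reports nothing for "ts" because the two elements carry that value under different attribute names.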


