[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] Issue 389: Detection of Duplicate IDs
ronald monzillo <Ronald.Monzillo@sun.com> wrote on 05/26/2005 09:38:36 AM: > Is is not sufficient to say something like the following > > The wsse:Security processing MUST generate a fault if it employes any id > attribute in its processing for which there are multiple elements within > the message that share with the same id attribute name and value. It would sufficient if there was any way for the WSS processing to know the complete set of ID attributes used in the message. > Michael McIntosh wrote: > > > Since every WSS implementation, regardless of what STs it supports, must > > know that wsu:Id, xenc:*/ID, and ds:*/ID attributes are of ID type the WSS > > Core can say: > > The wsse:Security processing MUST check for duplicate values from among > > the set of wsu:Id, xenc:*/ID, and ds:*/ID attributes. > > > > The SAML Token Profile can say: > > The wsse:Security processing MUST check for duplicate values from among > > the set of wsu:Id, saml:AssertionID, xenc:*/ID, and ds:*/ID attributes. > > > > Since we'd like the WSS processing to also check any other ID values too, > > the WSS Core can say: > > The wsse:Security processing SHOULD check for duplicate values from among > > the set of ID attributes that it is aware of. > > The wsse:Security processing MUST generate a fault if a duplicate ID value > > is detected. > > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]