[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: additional issue for issues list
We should add an issue based on the following comment on the public comments list. The comment email includes a proposed resolution. I would suggest changing the proposed resolution by replacing "MUST" with "outside a wsse:Security header MUST". " Issue relates to wording on lines 814-816 in the latest draft http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14284/wss-v1.1-spec-draft-SOAPMessageSecurity-01.pdf regards, Frederick Frederick Hirsch Nokia Public comment: http://lists.oasis-open.org/archives/wss-comment/200508/msg00017.html Subject: STRs outside of <wsse:Security> header From: "Conor P. Cahill" <concahill@aol.com> To: wss-comment@lists.oasis-open.org Date: Thu, 18 Aug 2005 17:23:15 -0400 Lines 812-814 of the core specificatoin require that uses of the STR outside of a Security header require that "the meaning of the response and/or the processing of the reulting references MUST be specified by the containing element ... " This is a bit confusing as a "containing element" doesn't typically specify processing rules (yes, the specification for that containing element may do so). This also restricts one from profiling a use of an STR within an extension area defined in another specification (such as a profile of using an STR as a child of the WS-Addressing <Metadata> EPR element). I would like to propose that we change this to someting along the lines of: Any use of an STR outside of the Security header is outside the scope of this specification. Entities desiring to use the STR element MUST profile the meaning of the response and/or the processing of the resulting references. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]