[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] additional issue for issues list
This is already recorded as issue 427 ( for which I have an action to produce a proposal ). I have a problem with your proposed resolution because use of STRs outside the wsse:Security header is clearly in-scope. For example; inside xenc:EncryptedData that appears outside the wsse:SecurityHeader. Gudge > -----Original Message----- > From: frederick.hirsch@nokia.com [mailto:frederick.hirsch@nokia.com] > Sent: 08 September 2005 12:20 > To: wss@lists.oasis-open.org > Cc: concahill@aol.com > Subject: [wss] additional issue for issues list > > We should add an issue based on the following comment on the > public comments list. The comment email includes a proposed > resolution. > > I would suggest changing the proposed resolution by replacing > "MUST" with "outside a wsse:Security header MUST". > " > > Issue relates to wording on lines 814-816 in the latest > draft > > http://www.oasis-open.org/apps/org/workgroup/wss/download.php/ 14284/wss-v1.1-spec-draft-SOAPMessageSecurity-01.pdf > > regards, Frederick > Frederick Hirsch > Nokia > > Public comment: > http://lists.oasis-open.org/archives/wss-comment/200508/msg00017.html > > > Subject: STRs outside of <wsse:Security> header > > From: "Conor P. Cahill" <concahill@aol.com> > To: wss-comment@lists.oasis-open.org > Date: Thu, 18 Aug 2005 17:23:15 -0400 > > Lines 812-814 of the core specificatoin require that uses of the STR > outside of a Security header require that "the meaning of the > response and/or the processing of the reulting references MUST > be specified by the containing element ... " > > This is a bit confusing as a "containing element" doesn't typically > specify processing rules (yes, the specification for that containing > element may do so). This also restricts one from profiling a > use of an > STR within an extension area defined in another specification > (such as a > profile of using an STR as a child of the WS-Addressing <Metadata> EPR > element). > > I would like to propose that we change this to someting along > the lines of: > > Any use of an STR outside of the Security header is outside > the scope of > this specification. Entities desiring to use the STR element MUST > profile the meaning of the response and/or the processing of the > resulting references. > > Conor >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]