OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [wss] comments on wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf


The subject line reads against UsernameToken but I gather this comment is for the WSS:SOAP Message Security document

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for Jeff Hodges <Jeff.Hodges@neustar.biz>Jeff Hodges <Jeff.Hodges@neustar.biz>


          Jeff Hodges <Jeff.Hodges@neustar.biz>

          09/15/2005 04:56 PM


To

wss@lists.oasis-open.org

cc

wss-comment@lists.oasis-open.org

Subject

[wss] comments on wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf

a couple of quick, arguably nit-level, editorial comments..

1. RFC 2119 is referenced in the para at line 231, but is not formally cited
there (ie "RFC 2119" is used rather than, say, "[RFC2119]"), nor is it listed
in the section "16 References". Since this is  the basis of the normative MUST,
SHOULD, MAY, etc language, it probably should be fixed up.

2. Although "Appendix D: SecurityTokenReference Model" is clearly claimed as
non-normative in the introductory sentence at line 2319, and again in its final
line (2418), it contains capitalized instances of MUST (line 2362), MAY (line
2366), RECOMMENDED (line 2383), and RECOMMENDS (line 2408; and technically not
a rfc2119 term).


Given this excerpt of rfc2119..

  6. Guidance in the use of these Imperatives

     Imperatives of the type defined in this memo must be used with care
     and sparingly.  In particular, they MUST only be used where it is
     actually required for interoperation or to limit behavior which has
     potential for causing harm (e.g., limiting retransmisssions)  For
     example, they must not be used to try to impose a particular method
     on implementors where the method is not required for
     interoperability.


..I suggest that if we do indeed intend Appendix D to be non-normative, that we
lowercase the 4 words cited above. Else, we consider making appendix D
normative (and leave the words as-is).


JeffH


---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 


GIF image



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]