xcbf message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [xcbf] WSS-XCBF error codes
- From: "Phillip H. Griffin" <phil.griffin@asn-1.com>
- To: "[OASIS XCBF]" <xcbf@lists.oasis-open.org>
- Date: Sun, 24 Nov 2002 06:42:35 -0500
Monica,
In looking again more closely to the WSS-X509 dcoument, I note
that WSS-XCBF does not mention error codes (section 3.5).
Perhaps we should add a section for this. I suggest the following
mimicing the text in WSS-X509:
Implementations may use custom error codes defined in private namespaces
if needed. But it is recommended that they use the error handling codes
defined
in the WS-Security specification for signature, decryption, encoding and
token
header errors. When using custom error codes, implementations should be
careful not to introduce security vulnerabilities that may assist an attacker
in the
error codes returned .
Phil
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC