OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xcbf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xcbf] WSS-XCBF error codes


In looking again more closely to the WSS-X509 dcoument, I note
that WSS-XCBF does not mention error codes (section 3.5).

Perhaps we should add a section for this. I suggest the following
mimicing the text in WSS-X509:

  Implementations may use custom error codes defined in private namespaces
  if needed. But it is recommended that they use the error handling codes defined
  in the WS-Security specification for signature, decryption, encoding and token
  header errors. When using custom error codes, implementations should be
  careful not to introduce security vulnerabilities that may assist an attacker in the
  error codes returned .

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC