[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Comments on Interop Scenario Descriptions - New Format
> From: Hal Lockhart [mailto:hlockhar@bea.com] > Subject: [wss] Interop Scenario Descriptions - New Format Section 3.4.3.1, line 150: I don't think the receiver needs to explicitly check that the <wsse:Security> element has mustUnderstand="true"; the regular SOAP mustUnderstand handling would be appropriate. This also applies to the other scenarios. Section 3.5.2, line 186, I think this may be too restrictive - some people may be working with SOAP infrastructures that always add some sort of header. Should we relax this to read: The response message must not contain a <wsse:Security> header. Any other header elements MUST NOT be labeled with a mustUnderstand="true" attribute. This also applies to the second scenario; the last half also applies to the third. Section 4.1.2, lines 220-225: for simplicity, should we use a single keypair so that people don't need to configure point-to-point relationships for every counterpart in the interop testing? Section 5.1.1: Do we really want to sign the data with the public key, and verify it by the Responder having the private key? This scenario would make much more sense if the Requester has the private key and the Responder verifies using the corresponding public certificate. (section 5.4.2.4 implies that this is what you really meant). - irving - ----------------------------------------------------------------------------------------------------------------- The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. Baltimore Technologies plc will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. This footnote confirms that this email message has been swept for Content Security threats, including computer viruses. http://www.baltimore.com This footnote confirms that this email message has been swept by Baltimore MIMEsweeper for Content Security threats, including computer viruses.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]