Subject: Some editorial mistakes?
Hi.

You may know, but I found some incompletenesses. Could you please check the following.

Firstly, there are inconsistent descriptions between Core and UsernameToken Profile. At least, non-English-native people will misunderstand...

The Password element is used to send a hashed password (password digest). I think it must be true that a secure transport should be used when a plain password is sent; it is ambiguous whether a secure transport should be used or not when a digested password is sent.

---
Web Services Security SOAP Message Security (Core)
Working Draft 11, Monday, 03 March 2003
(1538-1540)
If the underlying transport does not provide enough protection against eavesdropping, the password SHOULD be digested as described in Section 6.1.1.
---
Web Services Security UsernameToken Profile
Working Draft 2, Sunday, 23 February 2003
(127-129)
/wsse:UsernameToken/Password
This optional element provides password information (or equivalent such as a hash). It is recommended that this element only be passed when a secure transport is being used.
---

The last sentence above should be the following?

It is recommended that this element only be passed when a secure transport is being used and/or password is being digested.

---

Secondly, Typo: (730, 733)

/wsse:SecurityTokenReference/KeyIdentifier/{any}
should be
/wsse:SecurityTokenReference/embedded/{any}

and

/wsse:SecurityTokenReference/KeyIdentifier/@{any}
should be
/wsse:SecurityTokenReference/embedded/@{any}

---

Thirdly, Lacking?: (736-749)

The following example illustrates embedding a SAML assertion:

But, I couldn't find a SAML assertion in the example...

Thanks.

---------
Yutaka Kudo, Researcher.
Web Services, 201 Research Unit.
Systems Development Labo.
Hitachi, Ltd.