W3C home > Mailing lists > Public > public-ws-addressing-eds@w3.org > April to June 2005

2004/ws/addressing ws-addr-core.xml,1.77,1.78

From: Marc Hadley via cvs-syncmail <cvsmail@w3.org>
Date: Wed, 18 May 2005 18:24:58 +0000
To: public-ws-addressing-eds@w3.org
Message-Id: <E1DYTE2-0000eq-Fw@lionel-hutz.w3.org>

Update of /sources/public/2004/ws/addressing
In directory hutz:/tmp/cvs-serv2524

Modified Files:
	ws-addr-core.xml 
Log Message:
Added lc63 resolution - editorial fixes to security section

Index: ws-addr-core.xml
===================================================================
RCS file: /sources/public/2004/ws/addressing/ws-addr-core.xml,v
retrieving revision 1.77
retrieving revision 1.78
diff -C2 -d -r1.77 -r1.78
*** ws-addr-core.xml	18 May 2005 18:19:22 -0000	1.77
--- ws-addr-core.xml	18 May 2005 18:24:56 -0000	1.78
***************
*** 785,793 ****
              <p>Users of WS-Addressing and EPRs (i.e., entities creating, consuming or receiving
                  Message Addressing Properties and EPRs) SHOULD only use EPRs from sources they
!                 trust. For example, such users might only use EPRs that are signed by parties the
!                 user of the EPR trusts, or have some out-of-band means of establishing trust.</p>
!             <p>EPRs and message addressing properties SHOULD be integrity protected to prevent
!                 tampering. Such optional integrity protection might be provided by transport,
!                 message level signature, or use of an XML digital signature within EPRs.</p>
              <p>To prevent information disclosure, EPR issuers SHOULD NOT put sensitive information
                  into the [address] or [reference parameters] properties.</p>
--- 785,795 ----
              <p>Users of WS-Addressing and EPRs (i.e., entities creating, consuming or receiving
                  Message Addressing Properties and EPRs) SHOULD only use EPRs from sources they
!                 trust. For example, such users might rely on the presence of a verifiable
!                 signature by a trusted party over the EPR, or an out-of-band means 
!                 of establishing trust, to determine whether they should use a
!                 particular EPR.</p>
!             <p>EPRs and message addressing properties SHOULD be integrity-protected to prevent
!                 tampering. Such optional integrity protection might be provided by the transport,
!                 a message level signature, or use of an XML digital signature within EPRs.</p>
              <p>To prevent information disclosure, EPR issuers SHOULD NOT put sensitive information
                  into the [address] or [reference parameters] properties.</p>
Received on Wednesday, 18 May 2005 18:28:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:19:40 GMT