W3C home > Mailing lists > Public > public-ws-resource-access-notifications@w3.org > August 2009

WWW/2002/ws/ra/edcopies wst.xml,1.47,1.48

From: Doug Davis via cvs-syncmail <cvsmail@w3.org>
Date: Tue, 18 Aug 2009 21:53:49 +0000
To: public-ws-resource-access-notifications@w3.org
Message-Id: <E1MdWcn-0008Vc-Mf@lionel-hutz.w3.org>
Update of /w3ccvs/WWW/2002/ws/ra/edcopies
In directory hutz:/tmp/cvs-serv32608

Modified Files:
	wst.xml 
Log Message:
7191


Index: wst.xml
===================================================================
RCS file: /w3ccvs/WWW/2002/ws/ra/edcopies/wst.xml,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -d -r1.47 -r1.48
--- wst.xml	18 Aug 2009 21:12:48 -0000	1.47
+++ wst.xml	18 Aug 2009 21:53:47 -0000	1.48
@@ -1413,7 +1413,7 @@
     </div1>
     <div1 id="Security_Considerations">
       <head>Security Considerations</head>
-      <p>It is strongly recommended that the communication between services be
+      <p>It is strongly RECOMMENDED that the communication between services be
     secured using the mechanisms described in <bibref ref="WsSec"/>.</p>
       <p>In order to properly secure messages, the body (even if empty) and all
     relevant headers need to be included in the signature. Specifically, the
@@ -1422,15 +1422,15 @@
     need to be signed along with the body in order to "bind" them together and
     prevent certain types of attacks.</p>
       <p>If a requestor is issuing multiple messages to a resource reference, then
-    it is recommended that a security context be established using the mechanisms
-    described in WS-Trust and WS-SecureConversation. It is further recommended
+    it is RECOMMENDED that a security context be established using the mechanisms
+    described in WS-Trust and WS-SecureConversation. It is further RECOMMENDED
     that if shared secrets are used, message-specific derived keys also be used
     to protect the secret from crypto attacks.</p>
       <p>The access control semantics of resource references is out-of-scope of
     this specification and are specific to each resource reference. Similarly,
     any protection mechanisms on resource references independent of transfer
     (e.g. embedded signatures and encryption) are also out-of-scope.</p>
-      <p>It is recommended that the security considerations of WS-Security also be
+      <p>It is RECOMMENDED that the security considerations of WS-Security also be
     considered.</p>
       <p>While a comprehensive listing of attacks is not feasible, the following
     list summarizes common classes of attacks that apply to this protocol and
@@ -1499,7 +1499,7 @@
           <p>
             <emph>Availability</emph> - All reliable messaging services are
      subject to a variety of availability attacks. Replay detection is a
-     common attack and it is recommended that this be addressed by the
+     common attack and it is RECOMMENDED that this be addressed by the
      mechanisms described in WS-Security. Other attacks, such as network-level
      denial of service attacks are harder to avoid and are outside the scope
      of this specification. That said, care SHOULD be taken to ensure that
Received on Tuesday, 18 August 2009 21:53:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 18 August 2009 21:54:00 GMT