- From: Paul Cotton <Paul.Cotton@microsoft.com>
- Date: Tue, 3 Oct 2006 12:35:10 -0700
- To: "Vincent.Quint@inrialpes.fr" <Vincent.Quint@inrialpes.fr>, "www-tag@w3.org" <www-tag@w3.org>
Given the work of the W3C on web services, can Section 2.1 [1] point at the use of WS-Security [3] for securing SOAP messages including any passwords that might be supplied in clear text? /paulc [1] http://www.w3.org/2001/tag/doc/passwordsInTheClear-52#Secure%20Trasfer [1] http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf Paul Cotton, Microsoft Canada 17 Eleanor Drive, Ottawa, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com > -----Original Message----- > From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf Of > Vincent Quint > Sent: October 2, 2006 5:03 AM > To: www-tag@w3.org > Cc: Vincent.Quint@inrialpes.fr > Subject: New draft TAG finding - Passwords in the Clear > > > All, > > A new draft TAG finding is available for review and comments: > > Passwords in the Clear > > http://www.w3.org/2001/tag/doc/passwordsInTheClear-52 > > Abstract: > > The purpose of this finding is to clarify the security concerns around > using passwords on the world wide web. Specifically, the objective is > to point out a few conclusions the TAG has come to; > 1) Passwords MUST NOT be transmitted in clear test. > 2) Passwords MUST NOT be displayed on the html form in clear test. > The purpose of this paper to explain these findings and give direction > around possible alternatives. > > This will be discussed at the upcoming f2f meeting this week. > Comments on www-tag@w3.org are welcome. > > Vincent. > -------------- > Vincent Quint INRIA Rhône-Alpes > INRIA ZIRST > e-mail: Vincent.Quint@inria.fr 655 avenue de l'Europe > Tel.: +33 4 76 61 53 62 Montbonnot > Fax: +33 4 76 61 52 07 38334 Saint Ismier Cedex > France
Received on Tuesday, 3 October 2006 19:36:00 UTC