I agree with > 1. Removal of unnecessary design justification & explanatory material ... > 2. Reorganization of USER/SERVER Auth nonsense. > This needs to be greatly streamlined. > 5. Add in bounds exceeded fault > 6. Use SAML versioning > 8. Use XML Encrypt for encrypting the private key What is #3 Add "UseKeyWith" element? As for #4, add Service URI element: Do you mean to all requests? If so, yes. Should be in reply, too? I dunno. > [I-PayloadAuth] > Require decision on how payload authentication is to be handled, in > particular whether by a SOAP header or a signature within the Request > packet. Put another way: enveloped or detached signatures, right? > [I-PayloadHash] > For establishing correspondence of response to a specific request. Will the hash cover the signature? If so I-PayloadAuth impacts this. > [I-FaultHandling] > We need to address this, how is XP getting on here? What do you want to know? (I'm on the xmlp wg :) > [I-Passphrase] > Needs to become Base64 data at the very least. yes. -- Zolera Systems, http://www.zolera.com Information Integrity, XML SecurityReceived on Wednesday, 6 March 2002 15:49:20 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 20 September 2007 14:30:50 GMT