W3C home > Mailing lists > Public > xml-dist-app@w3.org > October 2003

Re: Complete WSS Review incl Noah's additions

From: Rich Salz <rsalz@datapower.com>
Date: Wed, 15 Oct 2003 10:37:23 -0400
Message-ID: <3F8D5BA3.5070004@datapower.com>
To: Marc Hadley <Marc.Hadley@Sun.COM>
Cc: xml-dist-app@w3.org

> *** SOAP 1.2 is XML Infoset based, SOAP bindings are required to  
> preserve SOAP message infosets when transferring messages. In order to  
> properly integrate with SOAP, the SOAP Message Security specifications  
> need to be recast in Infoset terms. This will require the specification  
> to normatively state the mapping from XML Infoset to the data object  
> (typically an XPath nodeset) used as input to the constituent  
> cryptographic operations (e.g. C14N).

Does the WG feel that it's worthwhile to adopt the terminology of SOAP 
1.2 yet not adopt its entire Infoset approach?  If so, I strongly 
suggest that you add something to that effect here.  It's good that this 
mentions the work that WS-Security would have to do.  I am fairly 
confident that they will reject this item, so you might want to consider 
ways of not forcing them to ignore all the 1.2-related items you raise.

> *** The specification should define the values of the  
> Fault/Reason/Text, Fault/Code/Value and Fault/Code/Subcode/Value EIIs.

Suggest you define EII, if only to remind WS-Security folks who have 
ignored the Infoset. ;)

	/r$
-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 15 October 2003 10:38:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:15 GMT