- From: Jonathan Marsh <jmarsh@microsoft.com>
- Date: Fri, 29 Apr 2005 10:58:53 -0700
- To: <public-ws-addressing-comments@w3.org>

4. Security Considerations

"Users of WS-Addressing and EPRs (i.e., entities creating, consuming or receiving Message Addressing Properties and EPRs) SHOULD only use EPRs from sources they trust. For example, such users might only use EPRs that are signed by parties the user of the EPR trusts, or have some out-of-band means of establishing trust."

It's not quite clear what the "or have" refers to - the users? The trusted parties? Suggest rewording the last sentence as:

"For example, such users might rely on the presence of a verifiable signature by a trusted party over the EPR, or an out-of-band means of establishing trust, to determine whether they should use a particular EPR."

In the next paragraph:

"integrity protected" -> "integrity-protected"

And

"Such optional integrity protection might be provided by transport, message level signature, and use of an XML digital signature within EPRs."

Seems like this "and" should be "or". For clarity, how about this rewording:

"Such optional integrity protection might be provided by a transport or message-level signature, or the use of an XML digital signature within an EPR."

Received on Friday, 29 April 2005 17:59:15 UTC