- From: Jonathan Marsh <jmarsh@microsoft.com>
- Date: Mon, 9 May 2005 13:50:30 -0700
- To: "Jonathan Marsh" <jmarsh@microsoft.com>, <public-ws-addressing-comments@w3.org>
Thank me for the comment. The WG agreed to accept these clarifications. I have two weeks to send myself an acceptance. > -----Original Message----- > From: public-ws-addressing-comments-request@w3.org [mailto:public-ws- > addressing-comments-request@w3.org] On Behalf Of Jonathan Marsh > Sent: Friday, April 29, 2005 10:59 AM > To: public-ws-addressing-comments@w3.org > Subject: Editorial: Wording clarifications in Core Section 4 > > > 4. Security Considerations > > "Users of WS-Addressing and EPRs (i.e., entities creating, consuming > or receiving Message Addressing Properties and EPRs) SHOULD only use > EPRs from sources they trust. For example, such users might only use > EPRs that are signed by parties the user of the EPR trusts, or have > some out-of-band means of establishing trust." > > It's not quite clear what the "or have" refers to - the users? The > trusted parties? Suggest rewording the last sentence as: > > "For example, such users might rely on the presence of a verifiable > signature by a trusted party over the EPR, or an out-of-band means > of establishing trust, to determine whether they should use a > particular EPR." > > In the next paragraph: > "integrity protected" -> "integrity-protected" > > And > "Such optional integrity protection might be provided by transport, > message level signature, and use of an XML digital signature within > EPRs." > > Seems like this "and" should be "or". For clarity, how about this > rewording: > > "Such optional integrity protection might be provided by a transport > or message-level signature, or the use of an XML digital signature > within an EPR." >
Received on Monday, 9 May 2005 20:50:37 UTC