- From: Rich Salz <rsalz@datapower.com>
- Date: Mon, 14 Mar 2005 10:30:59 -0500
- To: Hugo Haas <hugo@w3.org>
- CC: public-ws-addressing@w3.org
> Couldn't such information go in the [metadata] bucket? It seems that > we added it for things just like that. Perhaps. If you see my longer note about "trust model," you'll see that we need a way to aggregate a bunch of security information, and make sure it ends up in a WS-Security element. This may be different from other security information that just needs to be used between the client and the epr minter (which, I know, if out of scope; out security model should support some kind of interaction there, however). Yes, a wsa:Security can go into the metadata bucket. But saying that all or any ds:Signature, wsse:SecurityTokenReference, etc., elements get the kind of binding I propsed for wsa:Security, is a mistake. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
Received on Monday, 14 March 2005 15:30:51 UTC