- From: Doug Davis via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 18 Aug 2009 21:25:05 +0000
- To: public-ws-resource-access-notifications@w3.org
Update of /w3ccvs/WWW/2002/ws/ra/edcopies
In directory hutz:/tmp/cvs-serv30440
Modified Files:
wsenum.html wsenum.xml
Log Message:
7193
Index: wsenum.html
===================================================================
RCS file: /w3ccvs/WWW/2002/ws/ra/edcopies/wsenum.html,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- wsenum.html 18 Aug 2009 20:54:30 -0000 1.49
+++ wsenum.html 18 Aug 2009 21:25:03 -0000 1.50
@@ -88,8 +88,8 @@
this enumeration context over the span of one or more SOAP
messages.
</p><p>
- Somewhere, state must be maintained regarding
- the progress of the iteration. This state may be maintained between
+ Somewhere, state MUST be maintained regarding
+ the progress of the iteration. This state MAY be maintained between
requests by the data source being enumerated or by the data
consumer. WS-Enumeration allows the data source to decide, on a
request-by-request basis, which party will be responsible for
@@ -101,33 +101,33 @@
the body of a SOAP message. Each subsequent Pull operation returns
the next N elements in the aggregate sequence.
</p><p>
- A data source may provide a custom mechanism for
+ A data source MAY provide a custom mechanism for
starting a new enumeration. For instance, a data source that
- provides access to a SQL database may support a SELECT operation
+ provides access to a SQL database can support a SELECT operation
that performs a database query and uses an explicit database cursor
to iterate through the returned rows. In general, however, it is
simpler if all data sources support a single, standard operation to
start an enumeration. This specification defines such an operation,
- Enumerate, that data sources may implement for starting a new
+ Enumerate, that data sources MAY implement for starting a new
enumeration of a data source. The Enumerate operation is used to
create new enumeration contexts for subsequent traversal/retrieval.
Each Enumerate operation results in a distinct enumeration context,
each with its own logical cursor/position.
</p><p>
- It should be emphasized that different
- enumerations of the same data source may produce different results;
- this may happen even for two enumeration contexts created
+ Note that different
+ enumerations of the same data source can produce different results;
+ this can happen even for two enumeration contexts created
concurrently by a single consumer using identical Enumerate
- requests. In general, the consumer of an enumeration should not
+ requests. In general, the consumer of an enumeration SHOULD NOT
make any assumptions about the ordering or completeness of the
enumeration; the returned data items represent a selection by the
data source of items it wishes to present to that consumer at that
time in that order, with no guarantee that every available item is
returned or that the order in which items is returned has any
semantic meaning whatsoever (of course, any specific data source
- may provide strong guarantees, if so desired). In particular, it
- should be noted that the very act of enumerating the contents of a
- data source may modify the contents of the data source; for
+ can provide strong guarantees, if so desired). In particular,
+ note that the very act of enumerating the contents of a
+ data source can modify the contents of the data source; for
instance, a queue might be represented as a data source such that
items that are returned in a Pull response are removed from the
queue.
@@ -214,8 +214,8 @@
In cases where it is either desirable or necessary for the receiver
of a request that has been extended to indicate that it has
recognized and accepted the semantics associated with that extension,
- it is recommended that the receiver add a corresponding extension
- to the response message. The definition of an extension should clearly
+ it is RECOMMENDED that the receiver add a corresponding extension
+ to the response message. The definition of an extension SHOULD clearly
specify how the extension that appears in the response correlates
with that in the corresponding request.
</p><p>
@@ -292,7 +292,7 @@
<h2><a name="EnumMsgs" id="EnumMsgs"/>3 Enumeration Messages</h2><p>
Enumeration contexts represent a specific
traversal through a sequence of XML information items. An Enumerate
- operation may be used to establish an enumeration context from a
+ operation MAY be used to establish an enumeration context from a
data source. A Pull operation is used to fetch information items
from a data source according to a specific enumeration context. A
Release operation is used to tell a data source that the consumer
@@ -303,14 +303,14 @@
that is opaque to the consumer. Initially, the consumer gets an
enumeration context from the data source by means of an Enumerate
operation. The consumer then passes that XML data back to the data
- source in the Pull request. Optionally, the data source may return
+ source in the Pull request. Optionally, the data source MAY return
an updated enumeration context in the Pull response; when present,
- this new enumeration context should replace the old one on the
- consumer, and should be passed to the data source in all future
+ this new enumeration context SHOULD replace the old one on the
+ consumer, and SHOULD be passed to the data source in all future
responses until and unless the data source again returns an updated
enumeration context.
</p><p>
- Consumers should not reuse old enumeration
+ Consumers SHOULD NOT reuse old enumeration
contexts that have been replaced by the data source. Using a
replaced enumeration context in a Pull response MAY yield undefined
results, including being ignored or generating a
@@ -324,10 +324,10 @@
Callers MAY issue a Release operation against a
valid enumeration context at any time, which causes the enumeration
context to become invalid and allows the data source to free up any
- resources it may have allocated to the enumeration. Issuing a
+ resources it might have allocated to the enumeration. Issuing a
Release operation prior to reaching the end of the sequence of
elements is explicitly allowed; however, no further operations
- should be issued after a Release.
+ SHOULD be issued after a Release.
</p><p>
In addition, the data source MAY invalidate an
enumeration context at any time, as necessary.
@@ -335,7 +335,7 @@
<h3><a name="Enumerate" id="Enumerate"/>3.1 Enumerate</h3><p>
All data sources MUST support some operation
that allows an enumeration to be started. A data source MAY support
- the Enumerate operation, or it may provide some other mechanism for
+ the Enumerate operation, or it MAY provide some other mechanism for
starting an enumeration and receiving an enumeration
context.
</p><p>
@@ -367,7 +367,7 @@
Requested expiration time for the
enumeration. (No implied value.) The data source defines the actual
expiration and is not constrained to use a time less or greater
- than the requested expiration. The expiration time may be a
+ than the requested expiration. The expiration time MAY be a
specific time or a duration from the enumeration's creation time.
Both specific times and durations are interpreted based on the data
source's clock.
@@ -387,7 +387,7 @@
MUST generate a wsen:InvalidExpirationTime fault indicating that an
invalid expiration time was requested.
</p><p>
- Some data sources may not have a "wall time"
+ Some data sources might not have a "wall time"
clock available, and so are able only to accept durations as
expirations. If such a source receives an Enumerate request
containing a specific time expiration, then the request MUST fail;
@@ -398,7 +398,7 @@
This optional element contains a Boolean
predicate in some dialect (see <b>[<a href="#Dialect">[Body]/wsen:Enumerate/wsen:Filter/@Dialect </a>]</b>)
that all elements of
- interest must satisfy. The resultant enumeration context MUST NOT
+ interest MUST satisfy. The resultant enumeration context MUST NOT
return elements for which this predicate expression evaluates to
the value false. If this element is absent, then the implied value
is the expression true(), indicating that no filtering is
@@ -596,7 +596,7 @@
</p></li><li><p>
Context expired
</p></li></ol></p><p>
- Note that the data source may not be able to
+ Note that the data source might not be able to
determine that an enumeration context is not valid, especially if
all of the state associated with the enumeration is kept in the
enumeration context and refreshed on every
@@ -635,10 +635,10 @@
Even if a Pull request contains a
MaxCharacters element, the consumer MUST be prepared to receive a
Pull response that contains more data characters than specified, as
- XML canonicalization or alternate XML serialization algorithms may
+ XML canonicalization or alternate XML serialization algorithms can
change the size of the representation.
</p><p>
- It may happen that the next item the data
+ It can happen that the next item the data
source would return to the consumer is larger than MaxCharacters.
In this case, the data source MAY skip the item, or MAY return an
abbreviated representation of the item that fits inside
@@ -655,7 +655,7 @@
further constrained by this specification.
</p><p>
Upon receipt of a Pull request message, the
- data source may wait as long as it deems necessary (but not longer
+ data source MAY wait as long as it deems necessary (but not longer
than the value of the wsen:MaxTime element, if present) to produce
a message for delivery to the consumer. The data source MUST
recognize the wsen:MaxTime element and return a
@@ -664,8 +664,8 @@
</p><p>
Note, however, that this fault SHOULD NOT cause
the enumeration context to become invalid (of course, the data
- source may invalidate the enumeration context for other reasons).
- That is, the requestor should be able to issue additional Pull
+ source MAY invalidate the enumeration context for other reasons).
+ That is, the requestor can issue additional Pull
requests using this enumeration context after receiving this fault.
</p><p>
Upon successful processing of a Pull request
@@ -708,7 +708,7 @@
wsen:EndOfSequence MUST appear. It is possible for both to appear
if items are returned and the sequence is exhausted. Similarly,
wsen:EnumerationContext and wsen:EndOfSequence MUST NOT both
- appear; neither may appear, or one without the other, but not both
+ appear; neither can appear, or one without the other, but not both
in the same PullResponse.
</p><p><a href="#pullReq">Example 3-3</a> lists a Pull request.
</p><div class="exampleOuter">
@@ -740,9 +740,9 @@
Lines (05-07) in <a href="#pullReq">Example 3-3</a> indicate this message
is a Pull request and that the data source is expected to respond
with a Pull response message. Line (21) indicates that the response
- message should be generated no more than 30 seconds after receipt
+ message SHOULD be generated no more than 30 seconds after receipt
of the Pull request message. Line (22) indicates that no more than
- 10 elements should be returned in the body of the Pull response
+ 10 elements can be returned in the body of the Pull response
message.
</p><p><a href="#pullRes">Example 3-4</a> lists a response to the request in
<a href="#pullReq">Example 3-3</a>.
@@ -1131,7 +1131,7 @@
that the wsen:EndTo EPR is unusable.
</p><table border="1"><tbody><tr><td><b>[Code]</b></td><td>s12:Sender</td></tr><tr><td><b>[Subcode]</b></td><td>wsen:UnusableEPR</td></tr><tr><td><b>[Reason]</b></td><td>The wsen:EndTo EPR is unusable.</td></tr><tr><td><b>[Detail]</b></td><td><em> Details as to why the EPR is unusable. </em></td></tr></tbody></table></div></div><div class="div1">
<h2><a name="Security" id="Security"/>5 Security Considerations</h2><p>
- It is strongly recommended that the
+ It is strongly RECOMMENDED that the
communication between services be secured using the mechanisms
described in <a href="#WSSecurity">[WS-Security]</a>.
</p><p>
@@ -1145,13 +1145,13 @@
</p><p>
If a requestor is issuing multiple messages to a
Web service, such as when a consumer is enumerating a data source,
- it is recommended that a security context be established using the
+ it is RECOMMENDED that a security context be established using the
mechanisms described in <a href="#WSSecureConversation">[WS-SecureConversation]</a>. It is often
appropriate to establish a security context that is used both for
the initiation of enumeration (i.e., the Enumerate request or an
equivalent service-specific request) and the actual enumeration
- itself (i.e., the Pull requests). It is further recommended that if
- shared secrets are used, message-specific derived keys should be
+ itself (i.e., the Pull requests). It is further RECOMMENDED that if
+ shared secrets are used, message-specific derived keys SHOULD be
used to protect the secret from crypto attacks.
</p><p>
The access control semantics of data sources is
@@ -1160,7 +1160,7 @@
source independent of their transfer (e.g. embedded signatures and
encryption) are also out-of-scope.
</p><p>
- It is recommended that the security
+ It is RECOMMENDED that the security
considerations of WS-Security also be considered.
</p><p>
While a comprehensive set of attacks is not
@@ -1175,21 +1175,21 @@
messages.
</p></li><li><p><em>Invalid tokens</em>
- There are a number of token attacks including certificate
- authorities, false signatures, and PKI attacks. Care should be taken
+ authorities, false signatures, and PKI attacks. Care SHOULD be taken
to ensure each token is valid (usage window, digest, signing
authority, revocation, ...), and that the appropriate delegation
policies are in compliance.
</p></li><li><p><em>Man-in-the-middle</em>
- The message exchanges in this
specification could be subject to man-in-the-middle attacks so care
- should be taken to reduce possibilities here such as establishing a
+ SHOULD be taken to reduce possibilities here such as establishing a
secure channel and verifying that the security tokens user
represent identities authorized to speak for, or on behalf of, the
desired resource reference.
</p></li><li><p><em>Message alteration</em>
- Alteration is prevented by
including signatures of the message information using WS-Security.
- Care should be taken to review message part references
+ Care SHOULD be taken to review message part references
to ensure they haven't been forged (e.g. ID duplication).
</p></li><li><p><em>Message disclosure</em>
- Confidentiality is preserved
@@ -1215,10 +1215,10 @@
- All reliable
messaging services are subject to a variety of availability
attacks. Replay detection is a common attack and it is
- recommended that this be addressed by the mechanisms described in
+ RECOMMENDED that this be addressed by the mechanisms described in
WS-Security. Other attacks, such as network-level
denial of service attacks are harder to avoid and are outside the
- scope of this specification. That said, care should be
+ scope of this specification. That said, care SHOULD be
taken to ensure that minimal state is saved prior to any
authenticating sequences.
</p></li></ul></div><div class="div1">
@@ -1304,7 +1304,7 @@
(See http://www.w3.org/TR/1999/REC-xpath-19991116.)</dd></dl></div></div><div class="back"><div class="div1">
<h2><a name="schema" id="schema"/>A XML Schema</h2><p>
A normative copy of the XML Schema <a href="#XMLSchema1">[XMLSchema - Part 1]</a>,
- <a href="#XMLSchema2">[XMLSchema - Part 2]</a> description for this specification may be
+ <a href="#XMLSchema2">[XMLSchema - Part 2]</a> description for this specification can be
retrieved from the following address:
</p><div class="exampleOuter"><div class="exampleInner"><pre><a href="http://www.w3.org/2009/02/ws-enu/enumeration.xsd">http://www.w3.org/2009/02/ws-enu/enumeration.xsd</a></pre></div></div><p>
A non-normative copy of the XML schema is listed below for convenience.
@@ -1553,7 +1553,7 @@
</xs:schema></pre></div></div></div><div class="div1">
<h2><a name="WSDL" id="WSDL"/>B WSDL</h2><p>
A normative copy of the WSDL <a href="#WSDL11">[WSDL11]</a>
- description for this specification may be retrieved from the
+ description for this specification can be retrieved from the
following address:
</p><div class="exampleOuter"><div class="exampleInner"><pre><a href="http://www.w3.org/2009/02/ws-enu/enumeration.wsdl">http://www.w3.org/2009/02/ws-enu/enumeration.wsdl</a></pre></div></div><p>
A non-normative copy of the WSDL description is
@@ -1682,4 +1682,5 @@
<a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=6956">6956</a></td></tr><tr><td> 2009/08/05 </td><td> DD </td><td> Added resolution of issue
<a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=7159">7159</a></td></tr><tr><td> 2009/08/06 </td><td> DD </td><td> Added resolution of issue
<a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=7192">7192</a></td></tr><tr><td> 2009/08/18 </td><td> DD </td><td> Added resolution of issue
- <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=7206">7206</a></td></tr></tbody></table></div></div></body></html>
\ No newline at end of file
+ <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=7206">7206</a></td></tr><tr><td> 2009/08/18 </td><td> DD </td><td> Added resolution of issue
+ <a href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=7193">7193</a></td></tr></tbody></table></div></div></body></html>
\ No newline at end of file
Index: wsenum.xml
===================================================================
RCS file: /w3ccvs/WWW/2002/ws/ra/edcopies/wsenum.xml,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- wsenum.xml 18 Aug 2009 21:10:01 -0000 1.41
+++ wsenum.xml 18 Aug 2009 21:25:03 -0000 1.42
@@ -108,8 +108,8 @@
messages.
</p>
<p>
- Somewhere, state must be maintained regarding
- the progress of the iteration. This state may be maintained between
+ Somewhere, state MUST be maintained regarding
+ the progress of the iteration. This state MAY be maintained between
requests by the data source being enumerated or by the data
consumer. WS-Enumeration allows the data source to decide, on a
request-by-request basis, which party will be responsible for
@@ -123,34 +123,34 @@
the next N elements in the aggregate sequence.
</p>
<p>
- A data source may provide a custom mechanism for
+ A data source MAY provide a custom mechanism for
starting a new enumeration. For instance, a data source that
- provides access to a SQL database may support a SELECT operation
+ provides access to a SQL database can support a SELECT operation
that performs a database query and uses an explicit database cursor
to iterate through the returned rows. In general, however, it is
simpler if all data sources support a single, standard operation to
start an enumeration. This specification defines such an operation,
- Enumerate, that data sources may implement for starting a new
+ Enumerate, that data sources MAY implement for starting a new
enumeration of a data source. The Enumerate operation is used to
create new enumeration contexts for subsequent traversal/retrieval.
Each Enumerate operation results in a distinct enumeration context,
each with its own logical cursor/position.
</p>
<p>
- It should be emphasized that different
- enumerations of the same data source may produce different results;
- this may happen even for two enumeration contexts created
+ Note that different
+ enumerations of the same data source can produce different results;
+ this can happen even for two enumeration contexts created
concurrently by a single consumer using identical Enumerate
- requests. In general, the consumer of an enumeration should not
+ requests. In general, the consumer of an enumeration SHOULD NOT
make any assumptions about the ordering or completeness of the
enumeration; the returned data items represent a selection by the
data source of items it wishes to present to that consumer at that
time in that order, with no guarantee that every available item is
returned or that the order in which items is returned has any
semantic meaning whatsoever (of course, any specific data source
- may provide strong guarantees, if so desired). In particular, it
- should be noted that the very act of enumerating the contents of a
- data source may modify the contents of the data source; for
+ can provide strong guarantees, if so desired). In particular,
+ note that the very act of enumerating the contents of a
+ data source can modify the contents of the data source; for
instance, a queue might be represented as a data source such that
items that are returned in a Pull response are removed from the
queue.
@@ -534,7 +534,7 @@
<p>
Enumeration contexts represent a specific
traversal through a sequence of XML information items. An Enumerate
- operation may be used to establish an enumeration context from a
+ operation MAY be used to establish an enumeration context from a
data source. A Pull operation is used to fetch information items
from a data source according to a specific enumeration context. A
Release operation is used to tell a data source that the consumer
@@ -546,15 +546,15 @@
that is opaque to the consumer. Initially, the consumer gets an
enumeration context from the data source by means of an Enumerate
operation. The consumer then passes that XML data back to the data
- source in the Pull request. Optionally, the data source may return
+ source in the Pull request. Optionally, the data source MAY return
an updated enumeration context in the Pull response; when present,
- this new enumeration context should replace the old one on the
- consumer, and should be passed to the data source in all future
+ this new enumeration context SHOULD replace the old one on the
+ consumer, and SHOULD be passed to the data source in all future
responses until and unless the data source again returns an updated
enumeration context.
</p>
<p>
- Consumers should not reuse old enumeration
+ Consumers SHOULD NOT reuse old enumeration
contexts that have been replaced by the data source. Using a
replaced enumeration context in a Pull response MAY yield undefined
results, including being ignored or generating a
@@ -570,10 +570,10 @@
Callers MAY issue a Release operation against a
valid enumeration context at any time, which causes the enumeration
context to become invalid and allows the data source to free up any
- resources it may have allocated to the enumeration. Issuing a
+ resources it might have allocated to the enumeration. Issuing a
Release operation prior to reaching the end of the sequence of
elements is explicitly allowed; however, no further operations
- should be issued after a Release.
+ SHOULD be issued after a Release.
</p>
<p>
In addition, the data source MAY invalidate an
@@ -586,7 +586,7 @@
<p>
All data sources MUST support some operation
that allows an enumeration to be started. A data source MAY support
- the Enumerate operation, or it may provide some other mechanism for
+ the Enumerate operation, or it MAY provide some other mechanism for
starting an enumeration and receiving an enumeration
context.
</p>
@@ -637,7 +637,7 @@
Requested expiration time for the
enumeration. (No implied value.) The data source defines the actual
expiration and is not constrained to use a time less or greater
- than the requested expiration. The expiration time may be a
+ than the requested expiration. The expiration time MAY be a
specific time or a duration from the enumeration's creation time.
Both specific times and durations are interpreted based on the data
source's clock.
@@ -661,7 +661,7 @@
</p>
<p>
- Some data sources may not have a "wall time"
+ Some data sources might not have a "wall time"
clock available, and so are able only to accept durations as
expirations. If such a source receives an Enumerate request
containing a specific time expiration, then the request MUST fail;
@@ -680,7 +680,7 @@
This optional element contains a Boolean
predicate in some dialect (see <specref ref="Dialect"/>)
that all elements of
- interest must satisfy. The resultant enumeration context MUST NOT
+ interest MUST satisfy. The resultant enumeration context MUST NOT
return elements for which this predicate expression evaluates to
the value false. If this element is absent, then the implied value
is the expression true(), indicating that no filtering is
@@ -1007,7 +1007,7 @@
</p>
<p>
- Note that the data source may not be able to
+ Note that the data source might not be able to
determine that an enumeration context is not valid, especially if
all of the state associated with the enumeration is kept in the
enumeration context and refreshed on every
@@ -1069,11 +1069,11 @@
Even if a Pull request contains a
MaxCharacters element, the consumer MUST be prepared to receive a
Pull response that contains more data characters than specified, as
- XML canonicalization or alternate XML serialization algorithms may
+ XML canonicalization or alternate XML serialization algorithms can
change the size of the representation.
</p>
<p>
- It may happen that the next item the data
+ It can happen that the next item the data
source would return to the consumer is larger than MaxCharacters.
In this case, the data source MAY skip the item, or MAY return an
abbreviated representation of the item that fits inside
@@ -1097,7 +1097,7 @@
<p>
Upon receipt of a Pull request message, the
- data source may wait as long as it deems necessary (but not longer
+ data source MAY wait as long as it deems necessary (but not longer
than the value of the wsen:MaxTime element, if present) to produce
a message for delivery to the consumer. The data source MUST
recognize the wsen:MaxTime element and return a
@@ -1108,8 +1108,8 @@
<p>
Note, however, that this fault SHOULD NOT cause
the enumeration context to become invalid (of course, the data
- source may invalidate the enumeration context for other reasons).
- That is, the requestor should be able to issue additional Pull
+ source MAY invalidate the enumeration context for other reasons).
+ That is, the requestor can issue additional Pull
requests using this enumeration context after receiving this fault.
</p>
@@ -1189,7 +1189,7 @@
wsen:EndOfSequence MUST appear. It is possible for both to appear
if items are returned and the sequence is exhausted. Similarly,
wsen:EnumerationContext and wsen:EndOfSequence MUST NOT both
- appear; neither may appear, or one without the other, but not both
+ appear; neither can appear, or one without the other, but not both
in the same PullResponse.
</p>
@@ -1230,9 +1230,9 @@
Lines (05-07) in <specref ref="pullReq"/> indicate this message
is a Pull request and that the data source is expected to respond
with a Pull response message. Line (21) indicates that the response
- message should be generated no more than 30 seconds after receipt
+ message SHOULD be generated no more than 30 seconds after receipt
of the Pull request message. Line (22) indicates that no more than
- 10 elements should be returned in the body of the Pull response
+ 10 elements can be returned in the body of the Pull response
message.
</p>
@@ -2102,7 +2102,7 @@
<head>Security Considerations</head>
<p>
- It is strongly recommended that the
+ It is strongly RECOMMENDED that the
communication between services be secured using the mechanisms
described in <bibref ref="WSSecurity"/>.
</p>
@@ -2118,13 +2118,13 @@
<p>
If a requestor is issuing multiple messages to a
Web service, such as when a consumer is enumerating a data source,
- it is recommended that a security context be established using the
+ it is RECOMMENDED that a security context be established using the
mechanisms described in <bibref ref="WSSecureConversation"/>. It is often
appropriate to establish a security context that is used both for
the initiation of enumeration (i.e., the Enumerate request or an
equivalent service-specific request) and the actual enumeration
- itself (i.e., the Pull requests). It is further recommended that if
- shared secrets are used, message-specific derived keys should be
+ itself (i.e., the Pull requests). It is further RECOMMENDED that if
+ shared secrets are used, message-specific derived keys SHOULD be
used to protect the secret from crypto attacks.
</p>
<p>
@@ -2135,7 +2135,7 @@
encryption) are also out-of-scope.
</p>
<p>
- It is recommended that the security
+ It is RECOMMENDED that the security
considerations of WS-Security also be considered.
</p>
<p>
@@ -2161,7 +2161,7 @@
<p>
<emph>Invalid tokens</emph>
- There are a number of token attacks including certificate
- authorities, false signatures, and PKI attacks. Care should be taken
+ authorities, false signatures, and PKI attacks. Care SHOULD be taken
to ensure each token is valid (usage window, digest, signing
authority, revocation, ...), and that the appropriate delegation
policies are in compliance.
@@ -2173,7 +2173,7 @@
<emph>Man-in-the-middle</emph>
- The message exchanges in this
specification could be subject to man-in-the-middle attacks so care
- should be taken to reduce possibilities here such as establishing a
+ SHOULD be taken to reduce possibilities here such as establishing a
secure channel and verifying that the security tokens user
represent identities authorized to speak for, or on behalf of, the
desired resource reference.
@@ -2185,7 +2185,7 @@
<emph>Message alteration</emph>
- Alteration is prevented by
including signatures of the message information using WS-Security.
- Care should be taken to review message part references
+ Care SHOULD be taken to review message part references
to ensure they haven't been forged (e.g. ID duplication).
</p>
</item>
@@ -2236,10 +2236,10 @@
- All reliable
messaging services are subject to a variety of availability
attacks. Replay detection is a common attack and it is
- recommended that this be addressed by the mechanisms described in
+ RECOMMENDED that this be addressed by the mechanisms described in
WS-Security. Other attacks, such as network-level
denial of service attacks are harder to avoid and are outside the
- scope of this specification. That said, care should be
+ scope of this specification. That said, care SHOULD be
taken to ensure that minimal state is saved prior to any
authenticating sequences.
</p>
@@ -2401,7 +2401,7 @@
<p>
A normative copy of the XML Schema <bibref ref='XMLSchema1'/>,
- <bibref ref='XMLSchema2'/> description for this specification may be
+ <bibref ref='XMLSchema2'/> description for this specification can be
retrieved from the following address:
</p>
@@ -2665,7 +2665,7 @@
<p>
A normative copy of the WSDL <bibref ref="WSDL11"/>
- description for this specification may be retrieved from the
+ description for this specification can be retrieved from the
following address:
</p>
@@ -2953,6 +2953,13 @@
<loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=7206">7206</loc>
</td>
</tr>
+ <tr>
+ <td> 2009/08/18 </td>
+ <td> DD </td>
+ <td> Added resolution of issue
+ <loc href="http://www.w3.org/Bugs/Public/show_bug.cgi?id=7193">7193</loc>
+ </td>
+ </tr>
</tbody>
</table>
</div1>
Received on Tuesday, 18 August 2009 21:25:16 UTC