- From: Jean-Jacques Moreau <jean-jacques.moreau@crf.canon.fr>
- Date: Thu, 25 Sep 2003 09:57:28 +0200
- To: Marc Hadley <Marc.Hadley@Sun.COM>
- Cc: xml-dist-app@w3.org
Great review! I have one comment only. JJ. Marc Hadley wrote: > *** 410 "The <wsse:Security> header block without a specified S:role > MAY be consumed by anyone, but MUST NOT be removed prior to the final > destination or endpoint." What does 'consumed' mean. SOAP 1.2 makes it > clear that SOAP headers without a role attribute are equivalent to > those with a role of > "http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver". In > both cases the ultimate receiver of the message is the target of the > header block. An active intermediary could still consume the header block; this is part of the processing model. So, unless WSS includes a special header block to implement the above assertion, it cannot be fulfilled, I think.
Received on Thursday, 25 September 2003 03:57:42 UTC