You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2012/08/22 18:27:42 UTC

[jira] [Commented] (WSS-360) Port BSP enforcer to streaming code.

    [ https://issues.apache.org/jira/browse/WSS-360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13439649#comment-13439649 ] 

Colm O hEigeartaigh commented on WSS-360:
-----------------------------------------

Hi Marc,

I've moved the BSPRule stuff to the common module to make use of it for the DOM code as well.

I've noticed the following rules so far which are implemented by the DOM code that do not appear to be implemented by the Stax code:

R3227("A SECURITY_HEADER MUST NOT contain more than one TIMESTAMP"),
R3033("Any X509_TOKEN MUST contain a ValueType attribute with a value of \"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\""),
R4217("When a SECURITY_TOKEN_REFERENCE, within a SIGNATURE or ENCRYPTED_KEY, refers to a SECURITY_TOKEN named wsse:UsernameToken to derive a key, the SECURITY_TOKEN MUST contain a wsse11:Salt child element"),
R4218("When a SECURITY_TOKEN_REFERENCE, within a SIGNATURE or ENCRYPTED_KEY, refers to a SECURITY_TOKEN named wsse:UsernameToken to derive a key, the SECURITY_TOKEN MUST contain a wsse11:Iteration child element with a value greater than or equal to 1000"),
R5621("When used for Key Transport, any EK_ENCRYPTION_METHOD Algorithm attribute MUST have a value of \"http://www.w3.org/2001/04/xmlenc#rsa-1_5\" or \"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\""),
    
Colm.

                
> Port BSP enforcer to streaming code.
> ------------------------------------
>
>                 Key: WSS-360
>                 URL: https://issues.apache.org/jira/browse/WSS-360
>             Project: WSS4J
>          Issue Type: Sub-task
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.0
>
>
> This task is to port the BSP enforcer used in the DOM code to the streaming code, to enforce Basic Security Profile 1.1 requirements.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org