You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Barry McGann <ba...@thb.scot.nhs.uk> on 2006/11/01 13:13:35 UTC
re: passwordDigest
Hi,
How do you add a UsernameToken using passwordDigest without nonce and
created?
Cheers
Barry McGann
email: barry.mcgann@thb.scot.nhs.uk
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: passwordDigest
Posted by Barry McGann <ba...@thb.scot.nhs.uk>.
If it was up to me then yes, however the people who provide the service
I am trying to call have decided in their wisdom that they will ignore
the recommendation. I guess I'll just have to add the token myself.
Thanks
Barry
Ruchith Fernando wrote:
> Hi Barry,
>
> Yep true ! however the spec also recommends rejecting any
> UsernameToken that does not use *both* nonce and creation timestamps.
> Therefore in WSS4J, do you think we should allow producing
> UsernameTokens without those elements?
>
> Thanks,
> Ruchith
>
> On 11/3/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
>> Hi,
>>
>> I have read the spec, although I was reading version 1.0 but have just
>> read the newer 1.1 and it does state that theses are optional elements,
>> however, if they are included then they must be included in the digest
>> value.
>>
>> Thanks
>>
>> Barry
>>
>>
>> Ruchith Fernando wrote:
>> > Hi,
>> >
>> > It is not possible according to the spec [1]
>> >
>> > Thanks,
>> > Ruchith
>> >
>> > [1]
>> >
>> http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
>>
>> >
>> >
>> > On 11/1/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
>> >> Hi,
>> >>
>> >> How do you add a UsernameToken using passwordDigest without nonce and
>> >> created?
>> >>
>> >> Cheers
>> >>
>> >> Barry McGann
>> >>
>> >> email: barry.mcgann@thb.scot.nhs.uk
>> >>
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>> >>
>> >>
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: passwordDigest
Posted by Barry McGann <ba...@thb.scot.nhs.uk>.
If it was up to me then yes, however the people who provide the service
I am trying to call have decided in their wisdom that they will ignore
the recommendation. I guess I'll just have to add the token myself.
Thanks
Barry
Ruchith Fernando wrote:
> Hi Barry,
>
> Yep true ! however the spec also recommends rejecting any
> UsernameToken that does not use *both* nonce and creation timestamps.
> Therefore in WSS4J, do you think we should allow producing
> UsernameTokens without those elements?
>
> Thanks,
> Ruchith
>
> On 11/3/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
>> Hi,
>>
>> I have read the spec, although I was reading version 1.0 but have just
>> read the newer 1.1 and it does state that theses are optional elements,
>> however, if they are included then they must be included in the digest
>> value.
>>
>> Thanks
>>
>> Barry
>>
>>
>> Ruchith Fernando wrote:
>> > Hi,
>> >
>> > It is not possible according to the spec [1]
>> >
>> > Thanks,
>> > Ruchith
>> >
>> > [1]
>> >
>> http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
>>
>> >
>> >
>> > On 11/1/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
>> >> Hi,
>> >>
>> >> How do you add a UsernameToken using passwordDigest without nonce and
>> >> created?
>> >>
>> >> Cheers
>> >>
>> >> Barry McGann
>> >>
>> >> email: barry.mcgann@thb.scot.nhs.uk
>> >>
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>> >>
>> >>
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: passwordDigest
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Barry,
Yep true ! however the spec also recommends rejecting any
UsernameToken that does not use *both* nonce and creation timestamps.
Therefore in WSS4J, do you think we should allow producing
UsernameTokens without those elements?
Thanks,
Ruchith
On 11/3/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
> Hi,
>
> I have read the spec, although I was reading version 1.0 but have just
> read the newer 1.1 and it does state that theses are optional elements,
> however, if they are included then they must be included in the digest
> value.
>
> Thanks
>
> Barry
>
>
> Ruchith Fernando wrote:
> > Hi,
> >
> > It is not possible according to the spec [1]
> >
> > Thanks,
> > Ruchith
> >
> > [1]
> > http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
> >
> >
> > On 11/1/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
> >> Hi,
> >>
> >> How do you add a UsernameToken using passwordDigest without nonce and
> >> created?
> >>
> >> Cheers
> >>
> >> Barry McGann
> >>
> >> email: barry.mcgann@thb.scot.nhs.uk
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >>
> >>
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: passwordDigest
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Barry,
Yep true ! however the spec also recommends rejecting any
UsernameToken that does not use *both* nonce and creation timestamps.
Therefore in WSS4J, do you think we should allow producing
UsernameTokens without those elements?
Thanks,
Ruchith
On 11/3/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
> Hi,
>
> I have read the spec, although I was reading version 1.0 but have just
> read the newer 1.1 and it does state that theses are optional elements,
> however, if they are included then they must be included in the digest
> value.
>
> Thanks
>
> Barry
>
>
> Ruchith Fernando wrote:
> > Hi,
> >
> > It is not possible according to the spec [1]
> >
> > Thanks,
> > Ruchith
> >
> > [1]
> > http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
> >
> >
> > On 11/1/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
> >> Hi,
> >>
> >> How do you add a UsernameToken using passwordDigest without nonce and
> >> created?
> >>
> >> Cheers
> >>
> >> Barry McGann
> >>
> >> email: barry.mcgann@thb.scot.nhs.uk
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >>
> >>
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: passwordDigest
Posted by Barry McGann <ba...@thb.scot.nhs.uk>.
Hi,
I have read the spec, although I was reading version 1.0 but have just
read the newer 1.1 and it does state that theses are optional elements,
however, if they are included then they must be included in the digest
value.
Thanks
Barry
Ruchith Fernando wrote:
> Hi,
>
> It is not possible according to the spec [1]
>
> Thanks,
> Ruchith
>
> [1]
> http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
>
>
> On 11/1/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
>> Hi,
>>
>> How do you add a UsernameToken using passwordDigest without nonce and
>> created?
>>
>> Cheers
>>
>> Barry McGann
>>
>> email: barry.mcgann@thb.scot.nhs.uk
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: passwordDigest
Posted by Barry McGann <ba...@thb.scot.nhs.uk>.
Hi,
I have read the spec, although I was reading version 1.0 but have just
read the newer 1.1 and it does state that theses are optional elements,
however, if they are included then they must be included in the digest
value.
Thanks
Barry
Ruchith Fernando wrote:
> Hi,
>
> It is not possible according to the spec [1]
>
> Thanks,
> Ruchith
>
> [1]
> http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
>
>
> On 11/1/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
>> Hi,
>>
>> How do you add a UsernameToken using passwordDigest without nonce and
>> created?
>>
>> Cheers
>>
>> Barry McGann
>>
>> email: barry.mcgann@thb.scot.nhs.uk
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: passwordDigest
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
It is not possible according to the spec [1]
Thanks,
Ruchith
[1] http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
On 11/1/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
> Hi,
>
> How do you add a UsernameToken using passwordDigest without nonce and
> created?
>
> Cheers
>
> Barry McGann
>
> email: barry.mcgann@thb.scot.nhs.uk
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: passwordDigest
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
It is not possible according to the spec [1]
Thanks,
Ruchith
[1] http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
On 11/1/06, Barry McGann <ba...@thb.scot.nhs.uk> wrote:
> Hi,
>
> How do you add a UsernameToken using passwordDigest without nonce and
> created?
>
> Cheers
>
> Barry McGann
>
> email: barry.mcgann@thb.scot.nhs.uk
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org