Colleagues -
WSS Username Token Profile 1.0, lines 108-109, states:
"If either or both of <wsse:Nonce> and <wsu:Created> are present they MUST be
included in the digest value as follows:.."
What if there is no digest value? In other words, does this spec allow
inclusion of <wsse:Nonce> and <wsu:Created> using passwords of type
passwordText? Below is an example of what I am thinking of, and I was wondering
if this would be considered compliant or not:
<wsse:Security >
  <wsse:UsernameToken >
    <wsse:Username>SomeUser</wsse:Username>
    <wsse:Password Type="...#PasswordText">SomePassword</wsse:Password>
    <wsse:Nonce>OGJjZjQwNjI5NzNmZjEzMjkwNDg5YzY4MWQzYTUwYWQ=</wsse:Nonce>
    <wsu:Created>2005-08-26T23:19:40Z</wsu:Created>
  </wsse:UsernameToken>
</wsse:Security> ...
I do realize that there are security implications, and in this particular
case there are certain mitigating circumstances whose explanation is beyond the
scope of this message.
Thanks in advance,
Jahan
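
A receiver-side view of the token in the question, as an added example that is not part of the original message or of the specification: it accepts either password type, computes the profile's digest Base64(SHA-1(nonce + created + password)) when the type is PasswordDigest, and in both cases uses Nonce and Created only for freshness and replay checks. The function names, the five-minute window, the in-memory replay set and the second-resolution UTC timestamp format are assumptions.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"wsse": WSS + "wssecurity-secext-1.0.xsd",
      "wsu": WSS + "wssecurity-utility-1.0.xsd"}
MAX_AGE = timedelta(minutes=5)  # assumption: receiver's freshness window

def password_digest(nonce_b64, created, password):
    # Base64(SHA-1(nonce + created + password)); the nonce is used in decoded form
    raw = base64.b64decode(nonce_b64 or "") + (created or "").encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def check_token(xml_text, passwords, seen_nonces, now):
    """Return 'ok' or a rejection reason; seen_nonces is the replay cache (a set)."""
    tok = ET.fromstring(xml_text).find(".//wsse:UsernameToken", NS)
    if tok is None:
        return "bad credentials"
    user = tok.findtext("wsse:Username", namespaces=NS)
    pw = tok.find("wsse:Password", NS)
    nonce = tok.findtext("wsse:Nonce", namespaces=NS)
    created = tok.findtext("wsu:Created", namespaces=NS)
    stored = passwords.get(user)
    if stored is None or pw is None:
        return "bad credentials"
    if pw.get("Type", "").endswith("#PasswordDigest"):
        expected = password_digest(nonce, created, stored)
    else:  # PasswordText: cleartext value, nonce/created are not bound to it
        expected = stored
    if not hmac.compare_digest((pw.text or "").encode(), expected.encode()):
        return "bad credentials"
    if created is not None:  # freshness check applies to both password types
        ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if abs(now - ts) > MAX_AGE:
            return "stale"
    if nonce is not None:    # replay check applies to both password types
        if (user, nonce) in seen_nonces:
            return "replayed"
        seen_nonces.add((user, nonce))
    return "ok"

def sample_token(pw_type, pw_value):  # constructed sample using the message's values
    return ('<wsse:Security xmlns:wsse="%s" xmlns:wsu="%s"><wsse:UsernameToken>'
            '<wsse:Username>SomeUser</wsse:Username>'
            '<wsse:Password Type="%s">%s</wsse:Password>'
            '<wsse:Nonce>OGJjZjQwNjI5NzNmZjEzMjkwNDg5YzY4MWQzYTUwYWQ=</wsse:Nonce>'
            '<wsu:Created>2005-08-26T23:19:40Z</wsu:Created></wsse:UsernameToken></wsse:Security>'
            % (NS["wsse"], NS["wsu"], WSS + "username-token-profile-1.0#" + pw_type, pw_value))
```

With PasswordText the replay cache rejects only a byte-for-byte resend of the same Nonce; because the password travels in the clear, anyone who reads the message can build a new token with a fresh Nonce and Created, so transport or message-level confidentiality has to carry that case.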