Interesting. Not what I'd expect, but I'm sure there's a reason for it.
It's really too bad then that for having been involved in drafting the
UsernameToken Profile 1.1 spec that MS would mess up their implementation in
WCF.
So what would make the most sense as an approach to accommodate the
qua
It is not redundant. Read the XML specs. Password is an element. While
non-qualified subelements of a qualified element do inherit the qualified's
parent namespace, this is not true for attributes. Attributes that are not
explictly namespace-qualified do not inherit automatically the namespace of
t
I agree that's how the spec is written, but qualifying Type with the same
namespace as Password, while redundant, doesn't change the semantics as far
as XML is concerned. As the spec doesn't specifically forbid namespace
qualifying Type, I would expect non-qualified and redundantly qualified
forms
>From the specs:
line 239: /wsse:UsernameToken/wsse:Password/@Type
The Type attribute is clearly not namespaced. If it were WSS namespaced,
then the line above should have been
/wsse:UsernameToken/wsse:Password/@wsse:Type, but its not. For reference
look at line 328 in the spec and you will see
Hello,
I have recently encountered the issue described at
https://issues.apache.org/jira/browse/WSS-148 and am wondering if it doesn't
make sense to allow for the Type attribute to be namespace qualified.
I've examined Page 8 of the Web Services Security, UsernameToken Profile 1.1
spec and while
Hello:
Can someone give some pointers. Or should I post this to a different wss4j
group. Please let me know as this is very urgent.
Thanks for your time and help,
Regards,
cabear
On Wed, May 27, 2009 at 8:16 PM, Wishing Carebear <
wishing.careb...@gmail.com> wrote:
> Hello:
> I'm using wss4j wit
[
https://issues.apache.org/jira/browse/WSS-191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved WSS-191.
-
Resolution: Fixed
> Move certificate validation our of WSHandler and into SignatureProcessor
[
https://issues.apache.org/jira/browse/WSS-191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-191.
---
> Move certificate validation our of WSHandler and into SignatureProcessor
> ---
Author: coheigea
Date: Fri May 29 11:51:38 2009
New Revision: 779937
URL: http://svn.apache.org/viewvc?rev=779937&view=rev
Log:
[WSS-191] - Moved trust verification from WSHandler to SignatureProcessor
- Trust is now verified on certificates *before* signature validation
- This means that bad re
