Hello, I have recently encountered the issue described at https://issues.apache.org/jira/browse/WSS-148 and am wondering if it doesn't make sense to allow for the Type attribute to be namespace qualified.
I've examined Page 8 of the Web Services Security, UsernameToken Profile 1.1 spec and while the example XML doesn't namespace qualify the Type attribute, I don't see anywhere in the spec where it states that the Type attribute must not be namespace qualified. If fact there is no mention of namespace qualifying attributes in the spec that I can see. As such, I'd like to suggest that WSS-148 be reopened and wss4j modified to accept both unqualified and namespace qualified Type attributes on the Password element. I'd be happy to create the necessary patch. Thanks, Marc
