List: rampart-dev
Subject: [jira] [Commented] (RAMPART-401) Reject stale UsernameToken/Created values
From: "Nathan Clement (JIRA)" <jira () apache ! org>
Date: 2013-03-26 6:09:15
Message-ID: JIRA.12637481.1363581858264.54232.1364278155800 () arcas
[ https://issues.apache.org/jira/browse/RAMPART-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13613537#comment-13613537 ]
Nathan Clement commented on RAMPART-401:
----------------------------------------
I think that this is related to WSS-427
> Reject stale UsernameToken/Created values
> -----------------------------------------
>
> Key: RAMPART-401
> URL: https://issues.apache.org/jira/browse/RAMPART-401
> Project: Rampart
> Issue Type: Improvement
> Affects Versions: 1.6.2
> Reporter: Nathan Clement
> Attachments: check_username_token_timestamp.patch
>
>
> The WS-Security UsernameToken Profile says the following about the UsernameToken/Created element:
> {quote}
> It is RECOMMENDED that web service producers provide a timestamp "freshness" limitation, and that any UsernameToken with "stale" timestamps be rejected. As a guideline, a value of five minutes can be used as a minimum to detect, and thus reject, replays.
> {quote}
> Please add support to Rampart for rejecting stale timestamps in the UsernameToken.
> Attached is a patch that implements this feature in the PolicyBasedResultsValidator, although I don't know if that's the right place for it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
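
The freshness check requested in the issue above, written with JDK classes only as an added example; it is not the attached patch and not Rampart or WSS4J code. The class, enum and parameter names are hypothetical, and the 60-second future-skew allowance and the separate verdict for a missing Created value are assumptions.

```java
import java.time.*;
import java.time.format.DateTimeParseException;

// Added illustration: class and method names are hypothetical, not Rampart or WSS4J API.
public class UsernameTokenFreshness {
    enum Verdict { FRESH, STALE, FUTURE_DATED, MISSING, MALFORMED }

    private final Clock clock;
    private final Duration maxAge;     // freshness limit; the profile's guideline is five minutes
    private final Duration futureSkew; // assumed allowance for sender clock drift

    UsernameTokenFreshness(Clock clock, Duration maxAge, Duration futureSkew) {
        this.clock = clock;
        this.maxAge = maxAge;
        this.futureSkew = futureSkew;
    }

    // Classifies the text of a wsu:Created element (xsd:dateTime with a zone designator).
    Verdict check(String created) {
        if (created == null || created.trim().isEmpty()) {
            return Verdict.MISSING; // freshness cannot be established
        }
        Instant createdAt;
        try {
            createdAt = OffsetDateTime.parse(created.trim()).toInstant();
        } catch (DateTimeParseException e) {
            return Verdict.MALFORMED; // also covers values with no zone designator
        }
        Instant now = clock.instant();
        if (createdAt.isAfter(now.plus(futureSkew))) {
            return Verdict.FUTURE_DATED; // would otherwise stay acceptable long after capture
        }
        return createdAt.isBefore(now.minus(maxAge)) ? Verdict.STALE : Verdict.FRESH;
    }

    public static void main(String[] args) {
        // Constructed sample values, checked against a fixed clock for repeatable output.
        Clock fixed = Clock.fixed(Instant.parse("2013-03-26T06:09:15Z"), ZoneOffset.UTC);
        UsernameTokenFreshness f =
            new UsernameTokenFreshness(fixed, Duration.ofMinutes(5), Duration.ofSeconds(60));
        String[] samples = { "2013-03-26T06:07:00Z", "2013-03-26T06:00:00Z",
                             "2013-03-26T08:07:00+02:00", "2013-03-26T07:00:00Z",
                             "2013-03-26T06:07:00", "" };
        for (String s : samples) {
            System.out.println("\"" + s + "\" -> " + f.check(s));
        }
    }
}
```

Only a FRESH verdict should let the token proceed to password validation; the other verdicts are kept distinct so that rejections can be logged with their cause.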