This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/discussion/do/listPosts/projects.ggf-editor/discussion.rec_secure_addressing_profile_1.topc4187 at Thu, 03 Nov 2022 23:20:53 GMT SourceForge : Post

Project Home

Tracker

Documents

Tasks

Source Code

Discussions

File Releases

Wiki

Project Admin
Project: Editor     Discussion > REC:Secure Addressing Profile 1.0 > nits and signing requirement > List of Posts
Forum Topic - nits and signing requirement: (2 Items)
View:  as 
 
 
nits and signing requirement
Generally looks good.

Nits:
-	Need to update OGF copyright to 2007, 2008
-	I find it generally good practice to include references on first referral to external standards. The intro mentions a 
whole list of standards you rely on by short identifier only (WS-Addressing, WS-SecurityPolicy, SSL/TSL, WS-Security, …
.). Appears WS-Addressing is missing from normative refs.
-	In  Section 4, Initiator and Resource are initial caps only while in secure communication they are all CAPS. 
Consistent style is good.

Section 6
-	I believe you should require all secure addresses to be signed.  A number of bad things can happen to clients who rely
 on secure-addresses which have been tampered with as I mentioned in my comments on the secure-communications draft.
Re: nits and signing requirement
Resolution: Addressed nits and changed the mentioned recommendation to a requirement.

-Duane

 
 


The Open Grid Forum Contact Webmaster | Report a problem | GridForge Help
This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/discussion/do/listPosts/projects.ggf-editor/discussion.rec_secure_addressing_profile_1.topc4187 at Thu, 03 Nov 2022 23:20:54 GMT