[
https://issues.apache.org/jira/browse/RAMPART-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573515#action_12573515
]
George Stanchev commented on RAMPART-144:
-----------------------------------------
If (1) is adopted how does one create a Timestamp element that contains Created
and Expires elements with the same value. I can foresee SP implementations that
balk at Timestamp with Expires only and require both Created and Expires to be
present. I think Rampart should be able to generate both Timestamps with
Create-only and with Create==Expires.
> Timestamp with just create time element
> ---------------------------------------
>
> Key: RAMPART-144
> URL: https://issues.apache.org/jira/browse/RAMPART-144
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.3
> Reporter: Narayan Singh Dhillon
> Assignee: Ruchith Udayanga Fernando
> Original Estimate: 0.5h
> Remaining Estimate: 0.5h
>
> If we want to just have "wsu:Created" element inside "wsu:Timestamp" then
> Rampart doesn't allow it.
> WS-Security policy doesn't seem to define any policy semantics for above, but
> this element is optional and often not used in practical scenarios because of
> clock differences, but it is considered best practice to have time stamp
> included in XMLdSig.
> I think as Created and Expires elements are not controlled by WS-Policy, we
> could adopt for the flexible solutions as below:
> (1) In client side, if timestampTTL element in rampart-config is set to 0,
> then wsu:expires element must not be created.
> (2) On Server side, Timestamp should be validated for full, that is if
> Created and Expires element are present then they should be validated
> otherwise just created time be validated. I think this is current behaviour.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
