[
https://issues.apache.org/jira/browse/RAMPART-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12574964#action_12574964
]
Nandana Mihindukulasooriya commented on RAMPART-144:
----------------------------------------------------
I also agree with George. We will need to extend the Rampart Configuration for
this as suggested. Another concern is interoperability. Rampart specific stuff
will not be visible in the WSDL. So these information has to be transfered out
of band. Does anyone know whether WCF allow to configure timestamps with only
created element ? Anyway I think it is better to allow both use cases.
> Timestamp with just create time element
> ---------------------------------------
>
> Key: RAMPART-144
> URL: https://issues.apache.org/jira/browse/RAMPART-144
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.3
> Reporter: Narayan Singh Dhillon
> Assignee: Ruchith Udayanga Fernando
> Original Estimate: 0.5h
> Remaining Estimate: 0.5h
>
> If we want to just have "wsu:Created" element inside "wsu:Timestamp" then
> Rampart doesn't allow it.
> WS-Security policy doesn't seem to define any policy semantics for above, but
> this element is optional and often not used in practical scenarios because of
> clock differences, but it is considered best practice to have time stamp
> included in XMLdSig.
> I think as Created and Expires elements are not controlled by WS-Policy, we
> could adopt for the flexible solutions as below:
> (1) In client side, if timestampTTL element in rampart-config is set to 0,
> then wsu:expires element must not be created.
> (2) On Server side, Timestamp should be validated for full, that is if
> Created and Expires element are present then they should be validated
> otherwise just created time be validated. I think this is current behaviour.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
