Hi Barry, Yep true ! however the spec also recommends rejecting any UsernameToken that does not use *both* nonce and creation timestamps. Therefore in WSS4J, do you think we should allow producing UsernameTokens without those elements?
Thanks, Ruchith On 11/3/06, Barry McGann <[EMAIL PROTECTED]> wrote:
Hi, I have read the spec, although I was reading version 1.0 but have just read the newer 1.1 and it does state that theses are optional elements, however, if they are included then they must be included in the digest value. Thanks Barry Ruchith Fernando wrote: > Hi, > > It is not possible according to the spec [1] > > Thanks, > Ruchith > > [1] > http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf > > > On 11/1/06, Barry McGann <[EMAIL PROTECTED]> wrote: >> Hi, >> >> How do you add a UsernameToken using passwordDigest without nonce and >> created? >> >> Cheers >> >> Barry McGann >> >> email: [EMAIL PROTECTED] >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- www.ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
