expires element in timestamp is optional
----------------------------------------
Key: AXIS2C-266
URL: http://issues.apache.org/jira/browse/AXIS2C-266
Project: Axis2-C
Issue Type: Bug
Components: rampart
Affects Versions: Current (Nightly)
Reporter: James Clark
Priority: Minor
rampart_timestamp_token_validate requires an expires element, but the specs
(including BasicSecurityProfile) make expires optional. If expires is not
present, it means simply that the sender is not requesting any expiry of the
message's security semantics.
You would still want to do freshness checking of the message, but that needs to
be controlled by the receiver's policy, not by the sender.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
