WS-I

Security Challenges, Threats and Countermeasures 1.0 Errata

Working Group Draft

Revision: 1.0

Date: 2006/08/14 00:00:00

This version:
http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0-errata-2006-08-14.html
Latest version:
http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0-errata.html

Editors:

Administrative contact:


Abstract

This document contains the set of published errata against the WS-I SecurityChallenges-1.0.

Status of this Document

This document is a Working Group Draft; and reflects consensus within the Working Group. This document may be updated as and when new issues arise and get resolved by the Working Group.

Notice

The material contained herein is not a license, either expressly or impliedly, to any intellectual property owned or controlled by any of the authors or developers of this material or WS-I. The material contained herein is provided on an "AS IS" basis and to the maximum extent permitted by applicable law, this material is provided AS IS AND WITH ALL FAULTS, and the authors and developers of this material and WS-I hereby disclaim all other warranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THIS MATERIAL.

IN NO EVENT WILL ANY AUTHOR OR DEVELOPER OF THIS MATERIAL OR WS-I BE LIABLE TO ANY OTHER PARTY FOR THE COST OF PROCURING SUBSTITUTE GOODS OR SERVICES, LOST PROFITS, LOSS OF USE, LOSS OF DATA, OR ANY INCIDENTAL, CONSEQUENTIAL, DIRECT, INDIRECT, OR SPECIAL DAMAGES WHETHER UNDER CONTRACT, TORT, WARRANTY, OR OTHERWISE, ARISING IN ANY WAY OUT OF THIS OR ANY OTHER AGREEMENT RELATING TO THIS MATERIAL, WHETHER OR NOT SUCH PARTY HAD ADVANCE NOTICE OF THE POSSIBILITY OF SUCH DAMAGES.

Feedback

The Web Services-Interoperability Organization (WS-I) would like to receive input, suggestions and other feedback ("Feedback") on this work from a wide variety of industry participants to improve its quality over time.

By sending email, or otherwise communicating with WS-I, you (on behalf of yourself if you are an individual, and your company if you are providing Feedback on behalf of the company) will be deemed to have granted to WS-I, the members of WS-I, and other parties that have access to your Feedback, a non-exclusive, non-transferable, worldwide, perpetual, irrevocable, royalty-free license to use, disclose, copy, license, modify, sublicense or otherwise distribute and exploit in any manner whatsoever the Feedback you provide regarding the work. You acknowledge that you have no expectation of confidentiality with respect to any Feedback you provide. You represent and warrant that you have rights to provide this Feedback, and if you are providing Feedback on behalf of a company, you represent and warrant that you have the rights to provide Feedback on behalf of your company. You also acknowledge that WS-I is not required to review, discuss, use, consider or in any way incorporate your Feedback into future versions of its work. If WS-I does incorporate some or all of your Feedback in a future version of the work, it may, but is not obligated to include your name (or, if you are identified as acting on behalf of your company, the name of your company) on a list of contributors to the work. If the foregoing is not acceptable to you and any company on whose behalf you are acting, please do not provide any Feedback.

Feedback on this document should be directed to wsi_secprofile@lists.ws-i.org.


er001 Error in comment for transport level security options
Description

Table 2 on page 20 lists transport layer security options. The confidentiality row contains the following comment:

Assuming that cipher suites NULL-SHA or NULL-MD5 are not being supported because these suites do support encryption.

This is in error, as cipher suites NULL-SHA and NULL-MD5 do not support encryption.

Resolution: 2006-07-20

Reword comment as follows (add "not"):

Assuming that cipher suites NULL-SHA or NULL-MD5 are not being supported because these suites do not support encryption.

er002 Incorrect URL for latest version of document
Description

(a) URL on page 1 pointing to the current version of Security Challenges, Threats and Countermeasures document is incorrect:

http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0-20050507.doc

(b) URL on page 1 pointing to the latest version of Security Challenges, Threats and Countermeasures document is also incorrect:

http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.doc

Resolution: 2006-07-20

We are publishing .pdf file only and not the source, so the URLs should be updated to refer to the PDF versions.

(a) The URL for the current version should read:

http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0-20050507.pdf

(b) The URL for the latest version should read:

http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf