wsse text password with nonce

savonrb / akami

Building Web Service Security

MIT License

36 stars 61 forks source link

wsse text password with nonce #21

Open federicolucca opened 9 years ago

federicolucca commented 9 years ago

Hi,

I need this feature,in refer of https://github.com/savonrb/savon/pull/131

Federico

tjarratt commented 9 years ago

Thanks for the pull request @federicolucca. I spent a moment looking into some of the specifications for the wsse:Nonce and wsu:Created elements here and apparently, when present, those must be part of the SHA1 digest.

https://www.oasis-open.org/committees/download.php/13392/wss-v1.1-spec-pr-UsernameTokenProfile-01.htm

Search for "wsu:created" on that page.

tjarratt commented 9 years ago

Granted, I'm not an expert at WSSE, and I just read that spec naively, so there may be some subtlety here I'm not aware of.

runemelhus commented 8 years ago

Hi,

We are waiting for this pull request. Will it be merged soon?