Regardless of the particular security token a WS‑Security document uses, the document can include a utility timestamp element that specifies the expiry time of the message. If an XML signature covers this element, the timestamp protects the entire XML document against replay attacks by giving an indication of the document's “freshness.” This protection is different from the replay attack defense provided by the Username and Password Digest token.
Note: The expiry feature does not completely address the problems introduced by unsynchronized clocks. The receiving party in a WS‑Security message exchange may receive a document before the timestamp's created time; the issue of acceptable skew is a receiving policy issue, while the expiry offset is a creation policy issue.
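The following receiver-side check is an added example, not code from the original page or from CA. It assumes the XML signature has already been cryptographically verified elsewhere; the function name `check_timestamp`, the five-minute skew default and the sample header are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample Security header fragment (signature contents reduced to the reference).
SAMPLE = f"""<Security xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <wsu:Timestamp wsu:Id="TS-1">
    <wsu:Created>2011-06-01T12:00:00Z</wsu:Created>
    <wsu:Expires>2011-06-01T12:05:00Z</wsu:Expires>
  </wsu:Timestamp>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#TS-1"/>
  </ds:SignedInfo></ds:Signature>
</Security>"""

def _utc(text):
    # Timestamps are xsd:dateTime values; treat a missing zone as UTC.
    dt = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_timestamp(security_xml, now, max_skew=timedelta(minutes=5)):
    """Return (ok, reason) under the receiver's freshness policy."""
    # For untrusted input, parse with a hardened XML parser instead of ElementTree.
    root = ET.fromstring(security_xml)
    ts = root.find(f"{{{WSU}}}Timestamp")
    if ts is None:
        return False, "no timestamp"
    # An unsigned timestamp can be rewritten by whoever replays the message.
    ts_id = ts.get(f"{{{WSU}}}Id")
    signed = {r.get("URI") for r in root.iter(f"{{{DS}}}Reference")}
    if not ts_id or f"#{ts_id}" not in signed:
        return False, "timestamp not signed"
    created = ts.findtext(f"{{{WSU}}}Created")
    expires = ts.findtext(f"{{{WSU}}}Expires")
    if not created or not expires:
        return False, "missing Created/Expires"
    # Receiving policy: tolerate a sender clock that runs ahead by up to max_skew.
    if _utc(created) - max_skew > now:
        return False, "created in the future beyond allowed skew"
    # Creation policy: the sender's expiry offset is enforced as written.
    if now >= _utc(expires):
        return False, "expired"
    return True, "fresh"
```

Pass the receiver's current UTC time as `now`; widening `max_skew` accepts more clock drift on the created time without extending the sender's expiry window.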
Copyright © 2011 CA. All rights reserved.