WS-I

Basic Security Profile [1.0] Test Assertions Version 1.0

Final Material

2008-07-09

Editors:
Ram Poornalingam , Microsoft Corporation (rampo@microsoft.com)
Ed Johns , Microsoft Corporation (edjohns@microsoft.com)
Govind Ramanathan , Microsoft Corporation (govindr@microsoft.com)
Shrikant Wagh , Optimyz Software, Inc. (shrikant@optimyz.com)
David Lauzon , IBM Corporation (lauzond@ca.ibm.com)
Craig Chaney , IBM Corporation (craigcw@us.ibm.com)
Other Contributors
Keith Stobie (Microsoft Corporation), Martin Gudgin (Microsoft Corporation),
Administrative contact:
secretary@ws-i.org

Abstract

This document contains the test assertions for the WS-I Basic Security Profile definition. These test assertions are used by the analyzer testing tool to determine if a Web service is conformant to the Basic Security Profile.

Notice

The material contained herein is not a license, either expressly or impliedly, to any intellectual property owned or controlled by any of the authors or developers of this material or WS-I. The material contained herein is provided on an "AS IS" basis and to the maximum extent permitted by applicable law, this material is provided AS IS AND WITH ALL FAULTS, and the authors and developers of this material and WS-I hereby disclaim all other warranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THIS MATERIAL.

IN NO EVENT WILL ANY AUTHOR OR DEVELOPER OF THIS MATERIAL OR WS-I BE LIABLE TO ANY OTHER PARTY FOR THE COST OF PROCURING SUBSTITUTE GOODS OR SERVICES, LOST PROFITS, LOSS OF USE, LOSS OF DATA, OR ANY INCIDENTAL, CONSEQUENTIAL, DIRECT, INDIRECT, OR SPECIAL DAMAGES WHETHER UNDER CONTRACT, TORT, WARRANTY, OR OTHERWISE, ARISING IN ANY WAY OUT OF THIS OR ANY OTHER AGREEMENT RELATING TO THIS MATERIAL, WHETHER OR NOT SUCH PARTY HAD ADVANCE NOTICE OF THE POSSIBILITY OF SUCH DAMAGES.

Feedback

The Web Services-Interoperability Organization (WS-I) would like to receive input, suggestions and other feedback ("Feedback") on this work from a wide variety of industry participants to improve its quality over time.

By sending email, or otherwise communicating with WS-I, you (on behalf of yourself if you are an individual, and your company if you are providing Feedback on behalf of the company) will be deemed to have granted to WS-I, the members of WS-I, and other parties that have access to your Feedback, a non-exclusive, non-transferable, worldwide, perpetual, irrevocable, royalty-free license to use, disclose, copy, license, modify, sublicense or otherwise distribute and exploit in any manner whatsoever the Feedback you provide regarding the work. You acknowledge that you have no expectation of confidentiality with respect to any Feedback you provide. You represent and warrant that you have rights to provide this Feedback, and if you are providing Feedback on behalf of a company, you represent and warrant that you have the rights to provide Feedback on behalf of your company. You also acknowledge that WS-I is not required to review, discuss, use, consider or in any way incorporate your Feedback into future versions of its work. If WS-I does incorporate some or all of your Feedback in a future version of the work, it may, but is not obligated to include your name (or, if you are identified as acting on behalf of your company, the name of your company) on a list of contributors to the work. If the foregoing is not acceptable to you and any company on whose behalf you are acting, please do not provide any Feedback.

WS-I members should direct feedback on this document to wsi_testing@lists.ws-i.org; non-members should direct feedback to wsi-tools@ws-i.org.


Table of Contents

Document Conventions
Profile Definitions
Test Assertion Artifacts
secureEnvelope
Test Assertion Counts
Profile Requirements Index
Appendix A: Referenced Specifications


Document Conventions

The labels used for entry types in this document map one-to-one with the conformance targets from the profile document, but use a different convention for capitalization. For example, the conformance target SECURITY_HEADER corresponds to the entry type securityHeader.

This document uses a number of namespace prefixes throughout; their associated URIs are listed below. Note that the choice of any namespace prefix is arbitrary and not semantically significant.

A "candidate" element is one that is to be verified for conformance. The analyzer specification contains a detailed explanation of all of the fields listed in this document.

Test assertion headings that have this background color are disabled and will not be processed by the analyzer.


Profile Definitions

ID Name Version Revision Location
BSP1 Basic Security Profile 1.0 BdAD 19Oct06 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
SAML Basic Security Profile 1.0 BdAD 19Oct06 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
KERB Basic Security Profile 1.0 BdAD 19Oct06 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
RTP1 Basic Security Profile 1.0 BdAD 19Oct06 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html


Test Assertion Artifacts


Profile Artifact: secureEnvelope

The Basic Security Profile 1.0 requires support for SOAP 1.1 and HTTP 1.0 or 1.1.

Specification Reference List:


Test Assertions [as they appear in the document]:

ID Entry Type Test Type Enabled
BSP5607 anySecureEnvelope required

true

BSP3204 anySecureEnvelope required

true

BSP3206 soapHeader required

true

BSP3210 soapHeader required

true

BSP3227 securityHeader required

true

BSP3203 timestamp required

true

BSP3224 timestamp required

true

BSP3221 timestamp required

true

BSP3222 timestamp required

true

BSP3220 created recommended

true

BSP3229 expires recommended

true

BSP3213 created required

true

BSP3215 expires required

true

BSP3225 created required

true

BSP3226 expires required

true

BSP3217 created required

true

BSP3223 expires required

true

BSP3057 strReference required

true

BSP3064 strReference required

true

BSP3059 strReference required

true

BSP3062 strReference required

true

BSP3027 securityTokenReference required

true

BSP3054 strKeyIdentifier required

true

BSP3070 strKeyIdentifier required

true

BSP3071 strKeyIdentifier required

true

BSP3060 strEmbedded required

true

BSP3056 strEmbedded required

true

BSP3066 strReference required

true

BSP3067 strReference required

true

BSP3102 signature required

true

BSP3104 signature recommended

true

BSP3103 signature recommended

true

BSP3001 sigReference recommended

true

BSP5416 sigReference required

true

BSP5411 sigTransforms required

true

BSP5423 sigTransform required

true

BSP5412 sigTransforms required

true

BSP3065 sigTransform required

true

BSP5404 canonicalizationMethod required

true

BSP5420 digestMethod recommended

true

BSP5421 signatureMethod recommended

true

BSP5401 signatureMethod required

true

BSP5402 sigKeyInfo required

true

BSP5417 sigKeyInfo required

true

BSP5403 signature required

true

BSP5440 signature required

true

BSP3208 encryptedKey required

true

BSP3216 encryptedKey recommended

true

BSP3209 encryptedKey required

true

BSP5622 encryptedKey required

true

BSP5623 encryptedKey required

true

BSP5602 encryptedKey required

true

BSP5603 encryptedKey required

true

BSP5629 encryptedData required

true

BSP5601 encryptedData required

true

BSP5424 encKeyInfo required

true

BSP5426 encKeyInfo required

true

BSP5608 encDataReference required

true

BSP3006 ekDataReference required

true

BSP5613 encKeyReference required

true

BSP3007 ekKeyReference required

true

BSP5620 edEncryptionMethod required

true

BSP5626 ekEncryptionMethod required

true

BSP5614 headerElement required

true

BSP3029 binarySecurityToken required

true

BSP3030 binarySecurityToken required

true

BSP3031 binarySecurityToken required

true

BSP3032 binarySecurityToken required

true

BSP4222 usernameToken required

true

BSP4201 password required

true

BSP4223 usernameToken required

true

BSP4225 usernameToken required

true

BSP4220 nonce required

true

BSP4221 nonce required

true

BSP4214 strReference required

true

BSP6301 strReference required

true

BSP6602 strKeyIdentifier required

true

BSP6604 strKeyIdentifier required

true

BSP6607 samlAuthorityBinding required

true

BSP6997 anySecureEnvelope notTestable

false

BSP6998 anySecureEnvelope notTestable

false

BSP6999 anySecureEnvelope notTestable

false

BSP0002 anySecureEnvelope informational

true

Test Assertions [sorted by ID]:

ID Entry Type Test Type Enabled
BSP0002 anySecureEnvelope informational

true

BSP3001 sigReference recommended

true

BSP3006 ekDataReference required

true

BSP3007 ekKeyReference required

true

BSP3027 securityTokenReference required

true

BSP3029 binarySecurityToken required

true

BSP3030 binarySecurityToken required

true

BSP3031 binarySecurityToken required

true

BSP3032 binarySecurityToken required

true

BSP3054 strKeyIdentifier required

true

BSP3056 strEmbedded required

true

BSP3057 strReference required

true

BSP3059 strReference required

true

BSP3060 strEmbedded required

true

BSP3062 strReference required

true

BSP3064 strReference required

true

BSP3065 sigTransform required

true

BSP3066 strReference required

true

BSP3067 strReference required

true

BSP3070 strKeyIdentifier required

true

BSP3071 strKeyIdentifier required

true

BSP3102 signature required

true

BSP3103 signature recommended

true

BSP3104 signature recommended

true

BSP3203 timestamp required

true

BSP3204 anySecureEnvelope required

true

BSP3206 soapHeader required

true

BSP3208 encryptedKey required

true

BSP3209 encryptedKey required

true

BSP3210 soapHeader required

true

BSP3213 created required

true

BSP3215 expires required

true

BSP3216 encryptedKey recommended

true

BSP3217 created required

true

BSP3220 created recommended

true

BSP3221 timestamp required

true

BSP3222 timestamp required

true

BSP3223 expires required

true

BSP3224 timestamp required

true

BSP3225 created required

true

BSP3226 expires required

true

BSP3227 securityHeader required

true

BSP3229 expires recommended

true

BSP4201 password required

true

BSP4214 strReference required

true

BSP4220 nonce required

true

BSP4221 nonce required

true

BSP4222 usernameToken required

true

BSP4223 usernameToken required

true

BSP4225 usernameToken required

true

BSP5401 signatureMethod required

true

BSP5402 sigKeyInfo required

true

BSP5403 signature required

true

BSP5404 canonicalizationMethod required

true

BSP5411 sigTransforms required

true

BSP5412 sigTransforms required

true

BSP5416 sigReference required

true

BSP5417 sigKeyInfo required

true

BSP5420 digestMethod recommended

true

BSP5421 signatureMethod recommended

true

BSP5423 sigTransform required

true

BSP5424 encKeyInfo required

true

BSP5426 encKeyInfo required

true

BSP5440 signature required

true

BSP5601 encryptedData required

true

BSP5602 encryptedKey required

true

BSP5603 encryptedKey required

true

BSP5607 anySecureEnvelope required

true

BSP5608 encDataReference required

true

BSP5613 encKeyReference required

true

BSP5614 headerElement required

true

BSP5620 edEncryptionMethod required

true

BSP5622 encryptedKey required

true

BSP5623 encryptedKey required

true

BSP5626 ekEncryptionMethod required

true

BSP5629 encryptedData required

true

BSP6301 strReference required

true

BSP6602 strKeyIdentifier required

true

BSP6604 strKeyIdentifier required

true

BSP6607 samlAuthorityBinding required

true

BSP6997 anySecureEnvelope notTestable

false

BSP6998 anySecureEnvelope notTestable

false

BSP6999 anySecureEnvelope notTestable

false


Test Assertion: BSP5607

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
anySecureEnvelope required

true

none none [Not specified] R5607

Context:
For any secureEnvelope containing an encryptedKey or encryptedData.

Assertion Description:
"boolean(./self::soap:Envelope[soap:Header])=true() and boolean(./self::soap:Envelope[soap:Body])=true()"

Failure Message:
A soap:Envelope containing encryption is not a valid SOAP envelope.

Failure Detail Description:
The soap:Envelope in question.

Comments:
Old id="BSP6515"


Return to top of document.

Test Assertion: BSP3204

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
anySecureEnvelope required

true

none none [Not specified] R3204

Context:
For any secureEnvelope.

Assertion Description:
No two "./self::soap:Envelope//*[@wsu:Id]" attributes have the same value.

Failure Message:
Two wsu:Id attributes within a soap:Envelope have the same value.

Failure Detail Description:
The soap:Envelope in question.

Comments:
Old id="BSP6019"


Return to top of document.

Test Assertion: BSP3206

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
soapHeader required

true

none none [Not specified] R3206

Context:
For any soapHeader.

Assertion Description:
"count(./self::soap:Header/wsse:Security[count(@soap:actor)=0])<=1"

Failure Message:
More than one wsse:Security block exists in a soap:Header with the actor attribute omitted (i.e., it is the case that "count(./self::soap:Header/wsse:Security[count(@soap:actor)=0])>1".

Failure Detail Description:
The soap:Header element in question.

Comments:
Old id="BSP6020"


Return to top of document.

Test Assertion: BSP3210

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
soapHeader required

true

none none [Not specified] R3210

Context:
For any soapHeader.

Assertion Description:
All ./self::soap:Header/wsse:Security/@soap:actor are unique.

Failure Message:
Two or more wsse:Security elements are present in the soap:Header with the same value for the actor attribute.

Failure Detail Description:
The soap:Header element in question.

Comments:
Old id="BSP6021"


Return to top of document.

Test Assertion: BSP3227

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
securityHeader required

true

none none [Not specified] R3227

Context:
For any securityHeader.

Assertion Description:
"boolean(./self::wsse:Security[count(wsu:Timestamp)>1])=false()"

Failure Message:
A wsse:Security contains more than one wsu:Timestamp (i.e. it is the case that ./self::wsse:Security[count(wsu:Timestamp)>1]).

Failure Detail Description:
The wsse:Security element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3203

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
timestamp required

true

none none [Not specified] R3203

Context:
For any timestamp.

Assertion Description:
"boolean(./self::wsu:Timestamp[count(wsu:Created)=1])=true()"

Failure Message:
A wsu:Timestamp element does NOT contain exactly one wsu:Created child element (i.e., it is the case that "./self::wsu:Timestamp[count(wsu:Created)!=1]").

Failure Detail Description:
The wsu:Timestamp element in question.

Comments:
Old id="BSP6006"


Return to top of document.

Test Assertion: BSP3224

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
timestamp required

true

none none [Not specified] R3224

Context:
For any timestamp.

Assertion Description:
"boolean(./self::wsu:Timestamp[count(wsu:Expires)>1])=false()"

Failure Message:
A wsu:Timestamp element contains more than one wsu:Expires child element (i.e., it is the case that "./self::wsu:Timestamp[count(wsu:Expires)>1]").

Failure Detail Description:
The wsu:Timestamp element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3221

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
timestamp required

true

none none BSP3203
BSP3224
R3221

Context:
For any timestamp that contains an expires.

Assertion Description:
"boolean(./self::wsu:Timestamp/wsu:Expires/preceding-sibling::*=./self::wsu:Timestamp/wsu:Created)=true()"

Failure Message:
wsu:Created and wsu:Expires elements appear in an improper order within a wsu:Timestamp element.

Failure Detail Description:
The wsu:Timestamp element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3222

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
timestamp required

true

none none [Not specified] R3222

Context:
For any timestamp

Assertion Description:
"count(./self::wsu:Timestamp/wsu:Created)+count(./self::wsu:Timestamp/wsu:Expires)=count(./self::wsu:Timestamp/*)"

Failure Message:
A wsu:Timestamp contains child elements other than wsu:Created or wsu:Expires.

Failure Detail Description:
The wsu:Timestamp element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3220

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
created recommended

true

none none BSP3217 R3220

Context:
For any created.

Assertion Description:
"seconds-from-duration(./self::wsu:Created/text()) should not contain more than 3 digits to right of decimal."

Failure Message:
A wsu:Created element contains more than three digits to the right of decimal.

Failure Detail Description:
The wsu:Created element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3229

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
expires recommended

true

none none BSP3223 R3229

Context:
For any expired.

Assertion Description:
"seconds-from-duration(./self::wsu:Expires/text()) should not contain more than 3 digits to right of decimal."

Failure Message:
A wsu:Expires element contains more than three digits to the right of decimal.

Failure Detail Description:
The wsu:Expires element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3213

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
created required

true

none none BSP3217 R3213

Context:
For any created that contains second values.

Assertion Description:
"seconds-from-duration(./self::wsu:Created/text()) < 60"

Failure Message:
A wsu:Created element has a seconds value greater than or equal to 60.

Failure Detail Description:
The wsu:Created element in question.

Comments:
Old id="BSP6012"


Return to top of document.

Test Assertion: BSP3215

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
expires required

true

none none BSP3223 R3215

Context:
For any expires that contains second values.

Assertion Description:
"seconds-from-duration(./self::wsu:Expires/text()) < 60"

Failure Message:
A wsu:Expires element has a seconds value greater than or equal to 60.

Failure Detail Description:
The wsu:Expires element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3225

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
created required

true

none none [Not specified] R3225

Context:
For any created.

Assertion Description:
"boolean(./self::wsu:Created/@ValueType)=false()"

Failure Message:
A wsu:Created element contains a ValueType attribute (i.e. it is the case that ./self::wsu:Created/@ValueType).

Failure Detail Description:
The wsu:Created element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3226

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
expires required

true

none none [Not specified] R3226

Context:
For any expires.

Assertion Description:
"boolean(./self::wsu:Expires/@ValueType)=false()"

Failure Message:
A wsu:Expires element contains a ValueType attribute (i.e. it is the case that ./self::wsu:Expires/@ValueType).

Failure Detail Description:
The wsu:Expires element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3217

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
created required

true

none none [Not specified] R3217

Context:
For any created.

Assertion Description:
The time value is in UTC format as specified by the XML Schema type (dateTime).

Failure Message:
A wsu:Created element does NOT contain time instants in UTC format as specified by the XML Schema type (dateTime).

Failure Detail Description:
The wsu:Created element(s) in question.

Comments:
Old id="BSP6013"


Return to top of document.

Test Assertion: BSP3223

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
expires required

true

none none [Not specified] R3223

Context:
For any expires.

Assertion Description:
The time value is in UTC format as specified by the XML Schema type (dateTime).

Failure Message:
A wsu:Expires element does NOT contain time instants in UTC format as specified by the XML Schema type (dateTime).

Failure Detail Description:
The wsu:Expires element(s) in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3057

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strReference required

true

none none BSP3062 R3057

Context:
For any strReference.

Assertion Description:
The //[@wsu:Id=./self::wsse:Reference/@URI] is not a wsse:SecurityTokenReference element.

Failure Message:
A wsse:Reference element references a wsse:SecurityTokenReference.

Failure Detail Description:
The wsse:Reference element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3064

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strReference required

true

none none BSP3062 R3064

Context:
For any strReference.

Assertion Description:
The //[@wsu:Id=./self::wsse:Reference/@URI] is not a wsse:Embedded element.

Failure Message:
A wsse:Reference element references a wsse:Embedded.

Failure Detail Description:
The wsse:Reference element in question.

Comments:
Old id="BSP6608"


Return to top of document.

Test Assertion: BSP3059

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strReference required

true

none none [Not specified] R3059

Context:
For any strReference.

Assertion Description:
"boolean(./self::wsse:Reference/@ValueType)=true()"

Failure Message:
A wsse:Reference element does NOT contain a ValueType attribute (i.e., it is NOT the case that "./self::wsse:Reference/@ValueType").

Failure Detail Description:
The wsse:Reference element in question.

Comments:
Old id="BSP6201"


Return to top of document.

Test Assertion: BSP3062

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strReference required

true

none none [Not specified] R3062

Context:
For any strReference.

Assertion Description:
"boolean(./self::wsse:Reference/@URI)=true()"

Failure Message:
A wsse:Reference element does NOT have a URI attribute (i.e., it is NOT the case that "./self::wsse:Reference/@URI").

Failure Detail Description:
The wsse:Reference element in question.

Comments:
Old id="BSP6202"


Return to top of document.

Test Assertion: BSP3027

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
securityTokenReference required

true

none none [Not specified] R3027

Context:
For any securityTokenReference.

Assertion Description:
"boolean(./self::wsse:SecurityTokenReference[ds:KeyName])=false()"

Failure Message:
A wsse:SecurityTokenReference contains an ds:KeyName (i.e., it is the case that "./self::wsse:SecurityTokenReference[ds:KeyName]").

Failure Detail Description:
The wsse:SecurityTokenReference element in question.

Comments:
Old id="BSP6004"


Return to top of document.

Test Assertion: BSP3054

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strKeyIdentifier required

true

none none [Not specified] R3054

Context:
For any strKeyIdentifier.

Assertion Description:
"boolean(./self::wsse:KeyIdentifier[@ValueType])=true()"

Failure Message:
A wsse:KeyIdentifier element does NOT contain a ValueType attribute (i.e., it is NOT the case that "./self::wsse:KeyIdentifier[@ValueType]").

Failure Detail Description:
The wsse:KeyIdentifier element in question.

Comments:
Old id="BSP6003"


Return to top of document.

Test Assertion: BSP3070

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strKeyIdentifier required

true

none none [Not specified] R3070

Context:
For any strKeyIdentifier that refers to a securityToken other than a samlToken.

Assertion Description:
"boolean(./self::wsse:KeyIdentifier[@EncodingType])=true()"

Failure Message:
A wsse:KeyIndetifier element does NOT contain a EncodingType attribute (i.e., it is NOT the case that "./self::wsse:KeyIdentifier[@EncodingType]").

Failure Detail Description:
The wsse:KeyIdentifier element in question

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3071

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strKeyIdentifier required

true

none none BSP3070 R3071

Context:
For any strKeyIdentifier that has an EncodingType attribute.

Assertion Description:
"boolean(./self::wsse:KeyIdentifier[@EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'])=true()"

Failure Message:
A wsse:KeyIdentifier element contains an EncodingType attribute that does NOT have a value of "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" (i.e., it is NOT the case that "./self::wsse:KeyIdentifier[@EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary']").

Failure Detail Description:
The wsse:KeyIdentifier element in question

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3060

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strEmbedded required

true

none none [Not specified] R3060

Context:
For any strEmbedded.

Assertion Description:
"count(./self::wsse:Embedded/*)=1" AND the child is an internalSecurityToken.

Failure Message:
A wsse:Embedded element has zero or more than one security token child element (i.e. it is not the case that count(./self::wsse:Embedded/*)=1)

Failure Detail Description:
The wsse:Embedded element in question.

Comments:
Old id="BSP6606".


Return to top of document.

Test Assertion: BSP3056

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strEmbedded required

true

none none [Not specified] R3056

Context:
For any strEmbedded.

Assertion Description:
"boolean(./self::wsse:Embedded[wsse:SecurityTokenReference])=false()"

Failure Message:
A wsse:Embedded element contains a wsse:SecurityTokenReference child element (i.e. it is the case that ./self::wsse:Embedded[wsse:SecurityTokenReference]).

Failure Detail Description:
The wsse:Embedded element in question.

Comments:
Old id="BSP6604"


Return to top of document.

Test Assertion: BSP3066

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strReference required

true

none none BSP3062 R3066

Context:
For any strReference that is a descendant of a securityHeader.

Assertion Description:
For __thisURI = "./self::wsse:Reference/@URI" "boolean(./self::wsse:Reference/ancestor::wsse:Security=//*[concat('#',@wsu:Id)=__thisURI]/ancestor::wsse:Security)=true()"

Failure Message:
A wsse:Reference uses a shorthand XPointer does not reference any security tokens located in the same wsse:Security element.

Failure Detail Description:
The wsse:Reference in question.

Comments:
Old id="BSP6420"


Return to top of document.

Test Assertion: BSP3067

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strReference required

true

none none BSP3062 R3067

Context:
For any strReference that is a descendant of an encryptedData.

Assertion Description:
The wsse:Reference must not use a Shorthand XPointer to refer to a security token located in a wsse:Security element other than the wsse:Security element containing a reference to the xenc:Encrypted element that contains the wsse:Reference.

Failure Message:
A wsse:Reference uses a shorthand XPointer does not reference any security tokens located in the wsse:Security element that contains a reference to the wsse:Reference's containing xenc:Encrypted.

Failure Detail Description:
The wsse:Reference in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3102

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
signature required

true

none none [Not specified] R3102

Context:
For any signature.

Assertion Description:
For __thisURI="./self::ds:Signature/ds:SignedInfo/ds:Reference/@URI" "boolean(./self::ds:Signature//*[concat('#',@Id)=__thisURI])=false"

Failure Message:
A wsse:Signature element includes an Enveloping Signature.

Failure Detail Description:
The wsse:Signature element in question.

Comments:
Old id="BSP6609"


Return to top of document.

Test Assertion: BSP3104

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
signature recommended

true

none none [Not specified] R3104

Context:
For any signature.

Assertion Description:
For __thisURI="./self::ds:Signature/ds:SignedInfo/ds:Reference/@URI" "boolean(./ancestor::ds:Signature[concat('#',@Id)=__thisURI]=false()"

Failure Message:
A wsse:Signature element is an Enveloped Signature.

Failure Detail Description:
The wsse:Signature element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3103

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
signature recommended

true

none none [Not specified] R3103

Context:
For any signature.

Assertion Description:
For __thisURI="./self::ds:Signature/ds:SignedInfo/ds:Reference/@URI" "boolean(/soap:Envelope//*[concat('#',@Id)=__thisURI]/self::ds:Signature/ds:SignedInfo/ds:Reference/@URI=__thisURI)=true()"

Failure Message:
A wsse:Signature element is not a Detached Signature.

Failure Detail Description:
The wsse:Signature element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3001

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
sigReference recommended

true

none none [Not specified] R3001

Context:
For any sigReference.

Assertion Description:
"boolean(./self::ds:Reference/@URI)=true()" and the value ./self::ds:Reference/@URI is a Shorthand XPointer Reference.

Failure Message:
A ds:Reference element does not contain URI attribute (i.e., it is NOT the case that "boolean(./self::ds:Reference/@URI)=true()") or the value ./self:ds:Reference/@URI is not Shorthand XPointer Reference.

Failure Detail Description:
The ds:Reference element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5416

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
sigReference required

true

none none [Not specified] R5416

Context:
For any sigReference.

Assertion Description:
"boolean(./self::ds:Reference/ds:Transforms)=true()"

Failure Message:
A ds:Reference element does NOT contain a ds:Transforms child element (i.e., it is NOT the case that "./self::ds:Reference/ds:Transforms").

Failure Detail Description:
The ds:Reference element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5411

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
sigTransforms required

true

none none [Not specified] R5411

Context:
For any sigTransforms.

Assertion Description:
"boolean(./self::ds:Transforms[count(ds:Transform)>=1])=true()"

Failure Message:
A ds:Transforms elements in the signature does NOT contain a ds:Transform child element (i.e., it is NOT the case that "./self::ds:Transforms/ds:Transform").

Failure Detail Description:
The ds:Transforms element in question.

Comments:
Old id="BSP6406"


Return to top of document.

Test Assertion: BSP5423

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
sigTransform required

true

none none [Not specified] R5423

Context:
For any sigTransform with an Algorithm attribute.

Assertion Description:
"boolean(./self::ds:Transform[ @Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' or @Algorithm='http://www.w3.org/2002/06/xmldsig-filter2' or @Algorithm='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform' or @Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature' or @Algorithm='http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform' or @Algorithm='http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform'])=true()"

Failure Message:
A ds:Transform/@Algorithm attribute in a signature has a value other than those specified in the profile (i.e., it is NOT the case that "./self::ds:Transform[ @Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' or @Algorithm='http://www.w3.org/2002/06/xmldsig-filter2' or @Algorithm='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform' or @Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature' or @Algorithm='http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform' or @Algorithm='http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform'])".

Failure Detail Description:
The ds:Transform elements in question.

Comments:
Old id="BSP6409"


Return to top of document.

Test Assertion: BSP5412

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
sigTransforms required

true

none none BSP5411 R5412

Context:
For any sigTransforms.

Assertion Description:
"./self::ds:Transforms/child::*[last()]=./self::ds:Transforms/child::ds:Transform[last()] and boolean(./self::ds:Transforms/child::*[last()] [@Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' or @Algorithm='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform' or @Algorithm='http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Signature-Transform' or @Algorithm='http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Complete-Signature-Transform'])=true()"

Failure Message:
A ds:Transforms element in the signature does NOT have a ds:Transform element as its last child or the ds:Transform Element contains an Agorithm attribute is not one of "http://www.w3.org/2001/10/xml-exc-c14n#" or "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform" or "http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Signature-Transform" or "http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Complete-Signature-Transform" (i.e., it is NOT the case that "./self::ds:Transforms/child::*[last()]=./self::ds:Transforms/child::ds:Transform[last()]" or "./sel;f::ds:Transforms/child::*[last()][@Alorithm='http://www.w3.org/2001/10/xml-exc-c14n#' or @Alorithm='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform' or @Alorithm='http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Signature-Transform' or @Alorithm='http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Complete-Signature-Transform']").

Failure Detail Description:
The ds:Transforms element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3065

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
sigTransform required

true

none none [Not specified] R3065

Context:
For any sigTransform containing an Algorithm attribute with a value of "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform".

Assertion Description:
"boolean(./self::ds:Transform/wsse:TransformationParameters/ds:CanonicalizationMethod)=true()"

Failure Message:
A ds:Transform element for a Security Token Dereferencing Transform does not contain a wsse:TransformationParameters child element containing a ds:CanonicalizationMethod child element (i.e. it is NOT the case that ./self::ds:Transform/wsse:TransformationParameters/ds:CanonicalizationMethod.

Failure Detail Description:
The ds:Transform element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5404

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
canonicalizationMethod required

true

none none [Not specified] R5404

Context:
For any canonicalizationMethod.

Assertion Description:
"boolean(./self::ds:CanonicalizationMethod[@Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'])=true()"

Failure Message:
A ds:CanonicalizationMethod/@Algorithm attribute has a value other than "http://www.w3.org/2001/10/xml-exc-c14n#" (i.e., it is NOT the case that "./self::ds:CanonicalizationMethod[@Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#']").

Failure Detail Description:
The ds:CanonicalizationMethod element in question.

Comments:
Old id="BSP6407"


Return to top of document.

Test Assertion: BSP5420

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
digestMethod recommended

true

none none [Not specified] R5420

Context:
For any digestMethod.

Assertion Description:
"boolean(./self::ds:DigestMethod[@Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"])=true()"

Failure Message:
A ds:DigestMethod element does not contain a Algorithm attribute or the Algorithm attribute does not contain the value "http://www.w3.org/2000/09/xmldsig#sha1" (i.e., it is NOT the case that "boolean(./self::ds:DigestMethod[@Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"])=true()").

Failure Detail Description:
The ds:DigestMethod element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5421

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
signatureMethod recommended

true

none none [Not specified] R5421

Context:
For any signatureMethod.

Assertion Description:
"boolean(./self::ds:SignatureMethod[@Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" or @Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"])=true()"

Failure Message:
A ds:SignatureMethod element does not contain a Algorithm attribute or the Algorithm attribute does not contain the value "http://www.w3.org/2000/09/xmldsig#hmac-sha1" or "http://www.w3.org/2000/09/xmldsig#rsa-sha1" (i.e., it is NOT the case that "boolean(./self::ds:SignatureMethod[@Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" or @Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"])=true()").

Failure Detail Description:
The ds:SignatureMethod element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5401

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
signatureMethod required

true

none none [Not specified] R5401

Context:
For any signatureMethod.

Assertion Description:
"boolean(./self::ds:SignatureMethod/ds:HMACOutputLength)=false()"

Failure Message:
A ds:SignatureMethod elements contains a ds:HMACOutputLength element as a child element (i.e., it is the case that "./self::ds:SignatureMethod/ds:HMACOutputLength").

Failure Detail Description:
The ds:SignatureMethod element in question.

Comments:
Old id="BSP6410"


Return to top of document.

Test Assertion: BSP5402

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
sigKeyInfo required

true

none none [Not specified] R5402

Context:
For any sigKeyInfo.

Assertion Description:
"boolean(./self::ds:KeyInfo[count(child::*)=1])=true()"

Failure Message:
A ds:KeyInfo element in a signature does NOT have exactly one child element (i.e., it is the case that "ds:Signature//ds:KeyInfo[count(child::*)!=1]").

Failure Detail Description:
The ds:KeyInfo element in question.

Comments:
Old id="BSP6302"


Return to top of document.

Test Assertion: BSP5417

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
sigKeyInfo required

true

none none BSP5402 R5417

Context:
For any sigKeyInfo element.

Assertion Description:
"boolean(./self::ds:KeyInfo/wsse:SecurityTokenReference)=true()"

Failure Message:
A ds:KeyInfo element in a signature does NOT have a wsse:SecurityTokenReference child element (i.e., it is NOT the case that "ds:KeyInfo/wsse:SecurityTokenReference").

Failure Detail Description:
The ds:KeyInfo element in question

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5403

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
signature required

true

none none [Not specified] R5403

Context:
For any signature.

Assertion Description:
"boolean(./self::ds:Signature[descendant::ds:Manifest])=false()"

Failure Message:
A ds:Signature element in the message contains a ds:Manifest element.(i.e., it is the case that "./self::ds:Signature[descendant::ds:Manifest]").

Failure Detail Description:
The ds:Signature element in question.

Comments:
Old id="BSP6402"


Return to top of document.

Test Assertion: BSP5440

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
signature required

true

none none [Not specified] R5440

Context:
For any signature.

Assertion Description:
"boolean(./self::ds:Signature[descendant::xenc:EncryptedData])=false()"

Failure Message:
A ds:Signature element in the message contains an xenc:EncryptedData element.(i.e., it is the case that "./self::ds:Signature[descendant::xenc:EncryptedData]").

Failure Detail Description:
The ds:Signature element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3208

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedKey required

true

none none [Not specified] R3208

Context:
For any encryptedKey.

Assertion Description:
For __thisURI = "xenc:EncryptedKey//xenc:ReferenceList/xenc:DataReference/@URI", "boolean(./self::xenc:EncryptedKey/ancestor::wsse:Security//xenc:EncryptedData[concat('#',@Id)=__thisURI]/preceding-sibling::xenc:EncryptedKey=./self::xenc:EncryptedKey)=true()"

Failure Message:
An xenc:EncryptedKey element does not precedes the xenc:EncryptedData element that is referenced by the associated xenc:ReferenceList element specified in the xenc:EncryptedKey.

Failure Detail Description:
The xenc:EncryptedKey element in question.

Comments:
Old id="BSP6612"


Return to top of document.

Test Assertion: BSP3216

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedKey recommended

true

none none [Not specified] R3216

Context:
For any encryptedKey.

Assertion Description:
"boolean(./self::xenc:EncryptedKey/xenc:ReferenceList)=true()"

Failure Message:
An xenc:EncryptedKey element does not contain xenc:ReferenceList child element.

Failure Detail Description:
The xenc:EncryptedKey element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3209

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedKey required

true

none none [Not specified] R3209

Context:
For any encryptedKey.

Assertion Description:
"boolean(./self::xenc:EncryptedKey[@Type])=false()"

Failure Message:
An xenc:EncryptedKey elements in the security header contains a Type attribute (i.e., it is the case that "./self::xenc:EncryptedKey[@Type]").

Failure Detail Description:
The xenc:EncryptedKey element in question.

Comments:
Old id="BSP6507"


Return to top of document.

Test Assertion: BSP5622

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedKey required

true

none none [Not specified] R5622

Context:
For any encryptedKey.

Assertion Description:
"boolean(./self::xenc:EncryptedKey[@MimeType])=false()"

Failure Message:
An xenc:EncryptedKey elements in the security header contains a MimeType attribute (i.e., it is the case that "./self::xenc:EncryptedKey[@MimeType]").

Failure Detail Description:
The xenc:EncryptedKey element in question.

Comments:
Old id="BSP6512"


Return to top of document.

Test Assertion: BSP5623

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedKey required

true

none none [Not specified] R5623

Context:
For any encryptedKey.

Assertion Description:
"boolean(./self::xenc:EncryptedKey[@Encoding])=false()"

Failure Message:
An xenc:EncryptedKey elements in the security header contains a Encoding attribute (i.e., it is the case that "./self::xenc:EncryptedKey[@Encoding]").

Failure Detail Description:
The xenc:EncryptedKey element in question.

Comments:
Old id="BSP6513"


Return to top of document.

Test Assertion: BSP5602

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedKey required

true

none none [Not specified] R5602

Context:
For any encryptedKey.

Assertion Description:
"boolean(./self::xenc:EncryptedKey[@Recipient])=false()"

Failure Message:
An xenc:EncryptedKey element contains a Recipient attribute (i.e., it is the case that "./self::xenc:EncryptedKey[@Recipient]").

Failure Detail Description:
The xenc:EncryptedKey element in question.

Comments:
Old id="BSP6502"


Return to top of document.

Test Assertion: BSP5603

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedKey required

true

none none [Not specified] R5603

Context:
For any encryptedKey.

Assertion Description:
"boolean(./self::xenc:EncryptedKey[xenc:EncryptionMethod])=true()"

Failure Message:
An xenc:EncryptedKey element does NOT contain an xenc:EncryptionMethod child element (i.e., it is NOT the case that "./self::xenc:EncryptedKey[xenc:EncryptionMethod]").

Failure Detail Description:
The xenc:EncryptedKey element in question

Comments:
Old id="BSP6503"


Return to top of document.

Test Assertion: BSP5629

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedData required

true

none none [Not specified] R5629

Context:
For any encryptedData which is not referenced from an encryptedKey.

Assertion Description:
"boolean(./self::xenc:EncryptedData[ds:KeyInfo])=true()"

Failure Message:
The xenc:EncryptedData element does not contain a ds:KeyInfo element (i.e. it is NOT the case that "./self::xenc:EncryptedData[ds:KeyInfo]").

Failure Detail Description:
The xenc:EncryptedData element in question

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5601

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encryptedData required

true

none none [Not specified] R5601

Context:
For any encryptedData.

Assertion Description:
"boolean(./self::xenc:EncryptedData[xenc:EncryptionMethod])=true()"

Failure Message:
An xenc:EncryptedData element does NOT contain an xenc:EncryptionMethod child element (i.e., it is NOT the case that "./self::xenc:EncryptedData[xenc:EncryptionMethod]").

Failure Detail Description:
The xenc:EncryptedData element in question

Comments:
Old id="BSP6501"


Return to top of document.

Test Assertion: BSP5424

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encKeyInfo required

true

none none [Not specified] R5424

Context:
For any encKeyInfo.

Assertion Description:
"boolean(./self::ds:KeyInfo[count(child::*)=1])=true()"

Failure Message:
A ds:KeyInfo element in an xenc:EncryptedKey does NOT have exactly one child element.(i.e., it is NOT the case that "./self::ds:KeyInfo[count(child::*)=1]").

Failure Detail Description:
The ds:KeyInfo element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5426

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encKeyInfo required

true

none none BSP5424 R5426

Context:
For any encKeyInfo.

Assertion Description:
"boolean(./self::ds:KeyInfo[wsse:SecurityTokenReference])=true()"

Failure Message:
A ds:KeyInfo element in an xenc:EncryptedKey does NOT contain a wsse:SecurityTokenReference child (i.e., it is NOT the case that "./self::ds:KeyInfo[wsse:SecurityTokenReference]").

Failure Detail Description:
The ds:KeyInfo element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5608

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encDataReference required

true

none none [Not specified] R5608

Context:
For any encDataReference.

Assertion Description:
./self::xenc:DataReference/@URI contains a Shorthand XPointer reference value based on the ID attribute of the referred to xenc:EncryptedData.

Failure Message:
An xenc:DataReference refers to an xenc:EncryptedData without using a Shorthand XPointer reference based on its ID attribute.

Failure Detail Description:
The xenc:DataReference element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3006

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
ekDataReference required

true

none none [Not specified] R3006

Context:
For any ekDataReference.

Assertion Description:
./self::xenc:DataReference/@URI contains a Shorthand XPointer reference value based on the ID attribute of the referred to xenc:EncryptedData.

Failure Message:
An xenc:DataReference refers to an xenc:EncryptedData without using a Shorthand XPointer reference based on its ID attribute.

Failure Detail Description:
The xenc:DataReference element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5613

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
encKeyReference required

true

none none [Not specified] R5613

Context:
For any encKeyReference.

Assertion Description:
./self::xenc:KeyReference/@URI contains a Shorthand XPointer reference value based on the ID attribute of the referred to xenc:EncryptedKey.

Failure Message:
An xenc:KeyReference refers to an xenc:EncryptedKey without using a Shorthand XPointer reference based on its ID attribute.

Failure Detail Description:
The xenc:KeyReference element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3007

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
ekKeyReference required

true

none none [Not specified] R3007

Context:
For any ekKeyReference.

Assertion Description:
./self::xenc:KeyReference/@URI contains a Shorthand XPointer reference value based on the ID attribute of the referred to xenc:EncryptedKey.

Failure Message:
An xenc:KeyReference refers to an xenc:EncryptedKey without using a Shorthand XPointer reference based on its ID attribute.

Failure Detail Description:
The xenc:KeyReference element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5620

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
edEncryptionMethod required

true

none none [Not specified] R5620

Context:
For any edEncryptionMethod.

Assertion Description:
"boolean(./self::xenc:EncryptionMethod[ @Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc' or @Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc' or @Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc'])=true()"

Failure Message:
An xenc:EncryptionMethod contains an Algorithm attribute with a value other than one of "http://www.w3.org/2001/04/xmlenc#tripledes-cbc" or "http://www.w3.org/2001/04/xmlenc#aes128-cbc" or "http://www.w3.org/2001/04/xmlenc#aes256-cbc" (i.e., it is NOT the case that "./self::xenc:EncryptionMethod[ @Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc' or @Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc' or @Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc']").

Failure Detail Description:
The xenc:EncryptionMethod element in question.

Comments:
Old id="BSP6505"


Return to top of document.

Test Assertion: BSP5626

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
ekEncryptionMethod required

true

none none [Not specified] R5626

Context:
For any ekEncryptionMethod.

Assertion Description:
"boolean( ./self::xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5' or @Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' or @Algorithm='http://www.w3.org/2001/04/xmlenc#kw-tripledes' or @Algorithm='http://www.w3.org/2001/04/xmlenc#kw-aes128' or @Algorithm='http://www.w3.org/2001/04/xmlenc#kw-aes256'])=true()"

Failure Message:
A xenc:EncryptionMethod elements Algorithm attribute contains a value other than "http://www.w3.org/2001/04/xmlenc#rsa-1_5" or "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" or "http://www.w3.org/2001/04/xmlenc#kw-tripledes" or "http://www.w3.org/2001/04/xmlenc#kw-aes128" or "http://www.w3.org/2001/04/xmlenc#kw-aes256".

Failure Detail Description:
The headerElement element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP5614

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
headerElement required

true

none none [Not specified] R5614

Context:
For any headerElement.

Assertion Description:
"count(./self::xenc:EncryptedData)=0"

Failure Message:
The soap:Header has a xenc:EncryptedData element as its child.

Failure Detail Description:
The headerElement element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP3029

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
binarySecurityToken required

true

none none [Not specified] R3029

Context:
For any binarySecurityToken.

Assertion Description:
"boolean(./self::wsse:BinarySecurityToken[@EncodingType])=true()"

Failure Message:
A wsse:BinarySecurityToken does NOT contain a EncodingType attribute (i.e., it is NOT the case that "./self::wsse:BinarySecurityToken[@EncodingType]").

Failure Detail Description:
The wsse:BinarySecurityToken element in question.

Comments:
old id="BSP6001"


Return to top of document.

Test Assertion: BSP3030

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
binarySecurityToken required

true

none none BSP3029 R3030

Context:
For any binarySecurityToken.

Assertion Description:
"boolean(./self::wsse:BinarySecurityToken[@EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'])=true()"

Failure Message:
A wsse:BinarySecurity tokens contains an EncodingType attribute with a value other than "http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#Base64Binary" (i.e., it is NOT the case that "./self::wsse:BinarySecurityToken[@EncodingType='http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#Base64Binary']".

Failure Detail Description:
The wsse:BinarySecurityToken element in question.

Comments:
Old id="BSP6007"


Return to top of document.

Test Assertion: BSP3031

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
binarySecurityToken required

true

none none [Not specified] R3031

Context:
For any binarySecurityToken.

Assertion Description:
"boolean(./self::wsse:BinarySecurityToken[@ValueType])=true()"

Failure Message:
A wsse:BinarySecurityToken does NOT contain a ValueType attribute (i.e., it is NOT the case that "./self::wsse:BinarySecurityToken[@ValueType]").

Failure Detail Description:
The wsse:BinarySecurityToken element in question.

Comments:
Old id="BSP6002"


Return to top of document.

Test Assertion: BSP3032

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
binarySecurityToken required

true

none none BSP3031 R3032

Context:
For any binarySecurityToken.

Assertion Description:
./self::wsse:BinarySecurityToken/@ValueType has a value specified by a related security token profile.

Failure Message:
A wsse:BinarySecurityToken element has a ValueType attribute whose value is outside the defined token profiles.

Failure Detail Description:
The wsse:BinarySecurityToken element in question.

Comments:
Old id="BSP6603".


Return to top of document.

Test Assertion: BSP4222

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
usernameToken required

true

none none [Not specified] R4222

Context:
For any usernameToken.

Assertion Description:
"count(./self::wsse:UsernameToken/wsse:Password)<=1"

Failure Message:
A wsse:UsernameToken element contains more than one wsse:Password (i.e., it is NOT the case that "count(./self::wsse:UsernameToken/wsse:Password)<=1").

Failure Detail Description:
The wsse:UsernameToken element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP4201

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
password required

true

none none [Not specified] R4201

Context:
For any password.

Assertion Description:
"boolean(./self::wsse:Password/@Type)=true()"

Failure Message:
A wsse:Password element does NOT contain a Type attribute (i.e., it is NOT the case that "./self::wsse:Password/@Type").

Failure Detail Description:
The wsse:Password element in question.

Comments:
Old id="BSP6005"


Return to top of document.

Test Assertion: BSP4223

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
usernameToken required

true

none none [Not specified] R4223

Context:
For any usernameToken.

Assertion Description:
"count(./self::wsse:UsernameToken/wsu:Created)<=1"

Failure Message:
A wsse:UsernameToken element contains more than one wsu:Created (i.e., it is NOT the case that "count(./self::wsse:UsernameToken/wsu:Created)<=1").

Failure Detail Description:
The wsse:UsernameToken element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP4225

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
usernameToken required

true

none none [Not specified] R4225

Context:
For any usernameToken.

Assertion Description:
"count(./self::wsse:UsernameToken/wsse:Nonce)<=1"

Failure Message:
A wsse:UsernameToken element contains more than one wsse:Nonce (i.e., it is NOT the case that "count(./self::wsse:UsernameToken/wsse:Nonce)<=1").

Failure Detail Description:
The wsse:UsernameToken element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP4220

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
nonce required

true

none none [Not specified] R4220

Context:
For any nonce.

Assertion Description:
"boolean(./self::wsse:Nonce/@EncodingType)=true()"

Failure Message:
A wsse:Nonce does NOT contain an EncodingType attribute (i.e, it is NOT the case that "./self::wsse:Nonce/@EncodingType").

Failure Detail Description:
The wsse:Nonce element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP4221

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
nonce required

true

none none BSP4220 R4221

Context:
For any nonce.

Assertion Description:
"boolean(./self::wsse:Nonce[@EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'])=true()"

Failure Message:
A wsse:Nonce contains an EncodingType attribute that does NOT have a value "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" (i.e., it is NOT the case that "./self::wsse:Nonce[@EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary']").

Failure Detail Description:
The wsse:Nonce element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP4214

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strReference required

true

none none BSP3059 R4214

Context:
For any strReference to a usernameToken.

Assertion Description:
"boolean(./self::wsse:Reference[@ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken'])=true()"

Failure Message:
A wsse:Reference element that refers to a wsse:UsernameToken does not have a ValueType attribute of "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" (i.e., it is NOT the case that "./self::wsse:Reference[@ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken'").

Failure Detail Description:
The wsse:Reference element in question.

Comments:
Because of R5204, we can assume that the strReference uses a Shorthand XPointer URI, and so we can always determine if a strReference references a usernameToken.


Return to top of document.

Test Assertion: BSP6301

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strReference required

true

none none [Not specified] R6301

Context:
For any strReference that refers to an internalSecurityToken that is an relToken containing a wsu:Id attribute.

Assertion Description:
"starts-with(./self::wsse:Reference/@URI, '#') = true()"

Failure Message:
A wsse:Reference element that refers to an rel:license element can use the shorthand XPointer format but does not.

Failure Detail Description:
The wsse:Reference element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP6602

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strKeyIdentifier required

true

none none [Not specified] R6602

Context:
For any strKeyIdentifier that references an internalSamlToken.

Assertion Description:
"boolean(./self::wsse:KeyIdentifier[@ValueType])=true()"

Failure Message:
A wsse:KeyIdentifier element that references an internalSamlToken does not contain a ValueType attribute (i.e. it is NOT the case that ./self::wsse:KeyIdentifier[@ValueType]).

Failure Detail Description:
The wsse:KeyIdentifier element in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP6604

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
strKeyIdentifier required

true

none none [Not specified] R6604

Context:
For Any strKeyIdentifier that references a samlToken.

Assertion Description:
"boolean(./self::wsse:KeyIdentifier[@EncodingType])=false()"

Failure Message:
A wsse:KeyIdentifier that references a saml:Assertion includes an EncodingType attribue (i.e., it IS the case that "boolean(./self::wsse:KeyIdentifier[@EncodingType])=false()"

Failure Detail Description:
The wsse:KeyIdentifier in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP6607

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
samlAuthorityBinding required

true

none none [Not specified] R6607

Context:
For any samlAuthorityBinding that contains an AuthorityKind attribute.

Assertion Description:
"boolean(./self::saml:AuthorityBinding[@AuthorityKind='saml:AssertionIdReference'])=true()"

Failure Message:
The AuthorityKind attribute in saml:AuthorityBinding element does NOT contain the value "saml:AssertionIdReference" (i.e., it is NOT the case that "./self::saml:AuthorityBinding[@AuthorityKind='saml:AssertionIdReference']").

Failure Detail Description:
The saml:AuthorityBinding in question.

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP6997

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
anySecureEnvelope notTestable

false

none none [Not specified] R5800
R5801
R5802
R5803
R5804
R5805
R5806
R5807
R5808
R5809
R5810
R5811
R5812
R5813
R5814

Context:
For a message obtained by reversing the SOAP Messsage Security of any secure message.

Assertion Description:
Not testable.

Failure Message:
Not testable.

Failure Detail Description:
[Not specified]

Comments:
These restrictions are intended to clarify BP1.0 and BP1.1 statements that might be unclear when SOAP Message Security is applied in compliance with the Basic Security Profile.


Return to top of document.

Test Assertion: BSP6998

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
anySecureEnvelope notTestable

false

none none [Not specified] R6001
R6002
R6003
R6100
R6101
R6103
R6104
R6106
R6107
R6108
R6109
R6200
R6201
R6202
R6203

Context:
These assertions provide guidance for protecting attachements when they are used with SOAP Messages.

Assertion Description:
Not testable.

Failure Message:
Not testable.

Failure Detail Description:
[Not specified]

Comments:
[Not specified]


Return to top of document.

Test Assertion: BSP6999

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
anySecureEnvelope notTestable

false

none none [Not specified] R2001
R2002
C2010
R3002
R3003
R3004
R3005
R3022
R3023
R3024
R3025
R3033
R3058
R3061
R3063
R3105
R3106
R3205
R3207
R3211
R3212
R3214
R3228
C4210
C4211
R4212
R4215
R5201
R5202
R5204
R5205
R5206
R5208
R5209
R5210
R5405
R5406
R5407
R5408
R5409
R5413
R5414
R5415
C5441
C5442
C5443
R5606
R5621
R5624
R5625
C5630
R5701
R5702
R5703
R5704
R6302
R6601
R6603
R6605
R6606
R6608
R6609
R6902
R6903
R6904
R6905
E0009
E0010
E0011
E0012
E0013

Context:
Not testable.

Assertion Description:
Not testable.

Failure Message:
Not testable.

Failure Detail Description:
Not testable.

Comments:
All of these profile requirements are NOT testable. Some of these test assertions represent capabilities which can not be validated.


Return to top of document.

Test Assertion: BSP0002

Entry Type Test Type Enabled Additional Entry Types Prerequisites Profile Requirements
Message Input WSDL Input Target Partial-Target Collateral
anySecureEnvelope informational

true

none none [Not specified] E0002

Context:
For any secure envelope containing a wsse:SecurityTokenReference element.

Assertion Description:
For each token referenced by the wsse:SecurityTokenReference get the referenced token and check if it is in the additional token profile.

Detail Description:

Comments:
Old id="BSP6600"


Return to top of document.



Test Assertion Counts

Total Count: 83

Count By Type:

Type Count
required 71
recommended 8
notTestable 3
informational 1

Count By Enabled Indicator:

Enabled Count
true 80
false 3


Profile Requirement Index

This index contains a list of all of the requirements listed in the test assertion document.

Profile Requirement Test Assertion
E0002 BSP0002
R2001 BSP6999
R2002 BSP6999
C2010 BSP6999
R3002 BSP6999
R3003 BSP6999
R3004 BSP6999
R3005 BSP6999
R3022 BSP6999
R3023 BSP6999
R3024 BSP6999
R3025 BSP6999
R3033 BSP6999
R3058 BSP6999
R3061 BSP6999
R3063 BSP6999
R3105 BSP6999
R3106 BSP6999
R3205 BSP6999
R3207 BSP6999
R3211 BSP6999
R3212 BSP6999
R3214 BSP6999
R3228 BSP6999
C4210 BSP6999
C4211 BSP6999
R4212 BSP6999
R4215 BSP6999
R5201 BSP6999
R5202 BSP6999
R5204 BSP6999
R5205 BSP6999
R5206 BSP6999
R5208 BSP6999
R5209 BSP6999
R5210 BSP6999
R5405 BSP6999
R5406 BSP6999
R5407 BSP6999
R5408 BSP6999
R5409 BSP6999
R5413 BSP6999
R5414 BSP6999
R5415 BSP6999
C5441 BSP6999
C5442 BSP6999
C5443 BSP6999
R5606 BSP6999
R5621 BSP6999
R5624 BSP6999
R5625 BSP6999
C5630 BSP6999
R5701 BSP6999
R5702 BSP6999
R5703 BSP6999
R5704 BSP6999
R6302 BSP6999
R6601 BSP6999
R6603 BSP6999
R6605 BSP6999
R6606 BSP6999
R6608 BSP6999
R6609 BSP6999
R6902 BSP6999
R6903 BSP6999
R6904 BSP6999
R6905 BSP6999
E0009 BSP6999
E0010 BSP6999
E0011 BSP6999
E0012 BSP6999
E0013 BSP6999
R3001 BSP3001
R3006 BSP3006
R3007 BSP3007
R3027 BSP3027
R3029 BSP3029
R3030 BSP3030
R3031 BSP3031
R3032 BSP3032
R3054 BSP3054
R3056 BSP3056
R3057 BSP3057
R3059 BSP3059
R3060 BSP3060
R3062 BSP3062
R3064 BSP3064
R3065 BSP3065
R3066 BSP3066
R3067 BSP3067
R3070 BSP3070
R3071 BSP3071
R3102 BSP3102
R3103 BSP3103
R3104 BSP3104
R3203 BSP3203
R3204 BSP3204
R3206 BSP3206
R3208 BSP3208
R3209 BSP3209
R3210 BSP3210
R3213 BSP3213
R3215 BSP3215
R3216 BSP3216
R3217 BSP3217
R3220 BSP3220
R3221 BSP3221
R3222 BSP3222
R3223 BSP3223
R3224 BSP3224
R3225 BSP3225
R3226 BSP3226
R3227 BSP3227
R3229 BSP3229
R4201 BSP4201
R4214 BSP4214
R4220 BSP4220
R4221 BSP4221
R4222 BSP4222
R4223 BSP4223
R4225 BSP4225
R5401 BSP5401
R5402 BSP5402
R5403 BSP5403
R5404 BSP5404
R5411 BSP5411
R5412 BSP5412
R5416 BSP5416
R5417 BSP5417
R5420 BSP5420
R5421 BSP5421
R5423 BSP5423
R5424 BSP5424
R5426 BSP5426
R5440 BSP5440
R5601 BSP5601
R5602 BSP5602
R5603 BSP5603
R5607 BSP5607
R5608 BSP5608
R5613 BSP5613
R5614 BSP5614
R5620 BSP5620
R5622 BSP5622
R5623 BSP5623
R5626 BSP5626
R5629 BSP5629
R5800 BSP6997
R5801 BSP6997
R5802 BSP6997
R5803 BSP6997
R5804 BSP6997
R5805 BSP6997
R5806 BSP6997
R5807 BSP6997
R5808 BSP6997
R5809 BSP6997
R5810 BSP6997
R5811 BSP6997
R5812 BSP6997
R5813 BSP6997
R5814 BSP6997
R6001 BSP6998
R6002 BSP6998
R6003 BSP6998
R6100 BSP6998
R6101 BSP6998
R6103 BSP6998
R6104 BSP6998
R6106 BSP6998
R6107 BSP6998
R6108 BSP6998
R6109 BSP6998
R6200 BSP6998
R6201 BSP6998
R6202 BSP6998
R6203 BSP6998
R6301 BSP6301
R6602 BSP6602
R6604 BSP6604
R6607 BSP6607

Appendix A: Referenced Specifications

The following specifications' requirements are incorporated into the Test Assertion Document (TAD) by reference, except where superseded by the TAD:

Secure SOAP Envelope: