initial trim of websocket section #1909

Merged
merged 5 commits into from
Apr 21, 2024
8 changes: 3 additions & 5 deletions 5.0/en/0x21-V13-API.md
Expand Up @@ -62,11 +62,9 @@ Note: Due to issues with XXE attacks against DTDs, DTD validation should not be
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **13.5.1** | [ADDED] Verify that WebSocket Secure (wss) is used for all WebSocket connections. | ✓ | ✓ | ✓ | 319 |
| **13.5.2** | [ADDED] Verify that, during the initial HTTP WebSocket handshake, the Origin header is checked against an allow list of authorized origins. | ✓ | ✓ | ✓ | 346 |
| **13.5.3** | [ADDED] Verify that rate limiting is in place for WebSocket messages. | ✓ | ✓ | ✓ | 770 |
| **13.5.4** | [ADDED] Verify that tokens possess at least 128 bits of entropy and are generated using approved cryptographic algorithms if session or channel tokens specific to WebSockets are being used. | ✓ | ✓ | ✓ | 331 |
| **13.5.5** | [ADDED] Verify that the tokens are initially obtained from a response to secure POST request only, and are not sent by the server through the WebSocket connection if session or channel tokens specific to WebSockets are being used. | ✓ | ✓ | ✓ | 319 |
| **13.5.6** | [ADDED] Verify that authentication is done before opening the WebSocket connection if only authenticated users should be able to use WebSockets. | ✓ | ✓ | ✓ | 306 |
| **13.5.2** | [ADDED] Verify that, during the initial HTTP WebSocket handshake, the Origin header is checked against a list of origins allowed for the application. | ✓ | ✓ | ✓ | 346 |
| **13.5.3** | [ADDED] Verify that, if the application's standard session management cannot be used, dedicated tokens are being used for this which comply with the relevant Session Management security requirements. | ✓ | ✓ | ✓ | 331 |
| **13.5.4** | [ADDED] Verify that dedicated WebSocket session management tokens are initially obtained or validated through the previously authenticated HTTPS session when transitioning an existing HTTPS session to a WebSocket channel. | ✓ | ✓ | ✓ | 319 |

## References

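Review bot: the deleted 13.5.3 (rate limiting for WebSocket messages, CWE-770) and 13.5.6 (authenticate before opening the connection, CWE-306) have no replacement in this hunk, so unless they are covered by a general rate-limiting or access-control requirement elsewhere in the standard, the trim drops two controls rather than consolidating them; the PR description should point to where they now live, or the rows should be kept. Two smaller points on the added rows: the new 13.5.3 reads awkwardly ("dedicated tokens are being used for this which comply with") and could be "dedicated tokens are used that comply with the relevant Session Management security requirements"; and the new 13.5.4 keeps CWE 319 (cleartext transmission) from the old 13.5.5 even though its subject is now obtaining or validating the token through the authenticated HTTPS session, which is closer to a session-management or authentication weakness than to cleartext transmission, so the mapping deserves a second look.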