[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ebxml-msg] WSI signatures propsal & impact on ebXML Messaging
First, the WSI BSP is not ratified yet. Second, if WSI were to prohibit WSS signatures using xmldsig enveloped signatures, ebXML users could fall back to the ebMS 2.0 signature mechanisms if they wanted to have enveloped signatures (that also included the current xpath filtering that allows intermediary added signatures). I think ensuring that this option is available depends on what we do in creating the ebMS 3.0 header definition. ebMS 3.0 users wishing to use _only_ the wsse:security header blocks in a wsi conforming manner may therefore not have precisely the same functionality as had existed in ebMS 2.0. But, theoretically, an ebMS 2.0 signature in an ebXML header could be combined with a future ebMS 3.0 approach that uses wsse:security header blocks (supposing someone invents a use case for that combination!) In other words, ebMS 3.0 could use wsse:security header blocks in a wsi conformant way, but also allow the ebMS 2.0 signature mode in its header when that functionality was desired. I think that an ebMS 2.0 style signature mode would typically fail for some cases where the wsse:security detached signature succeeds. So I suspect that users would opt for one rather than the other mechanism. But because ebMS header blocks containing signatures would fall under a wsi extension point, I don't think they would count as breaking any wsi conformance requirement. I think that whatever wsi consensus gets established for use of wsse:security header blocks can be satisfied by ebMS v 3.0. So it may not be possible to get all the requirements that are currently satisfied when using the ebMS 2.0 security approach also satisfied when using a wsi-conforming, wsse:security-using message. But I am not clear that I see why that would necessarily has to be a problem. Dale Moberg -----Original Message----- From: ian.c.jones@bt.com [mailto:ian.c.jones@bt.com] Sent: Wednesday, March 17, 2004 6:39 AM To: ebxml-msg@lists.oasis-open.org Subject: [ebxml-msg] WSI signatures propsal & impact on ebXML Messaging Importance: Low TC members, I have been forwarded the following from people attending the WSI meeting this week about using detached signatures as part of their profile. As the current version 2 specification uses enveloped signatures I would appreciate any comments from those of you that understand the issue better than I. This decision will obviously affect any version 3 work that relates to security and WSI profile(s) these are items under consideration for inclusion. Please forward to any parties that may have a view on this issue.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]