OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ebxml-msg] RE: [wsi_secprofile] RE: FW: WSS27 issue

Martin,

The dsig:Signature element the specification (2.0) presently describes 
includes three transformations.  No transform URIs that are not in the XML 
Digital Signature recommendation, just:

<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";>
   <XPath> not ( 
ancestor-or-self::()[@SOAP:actor="urn:oasis:names:tc:ebxml-msg:actor:nextMSH"] 
|
ancestor-or-self::()[@SOAP:actor="http://schemas.xmlsoap.org/soap/actor/next";] 
)
   </XPath>
</Transform>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>

We are hoping to migrate to using a WSS Signature with 3.0 and, I believe, 
could use very different transformations that result in a similar set of 
successful validations.  Your earlier suggestion of ignoring all headers 
except those without a soap:actor attribute or identifying the ultimate 
destination with that attribute is a good one that I think we could 
incorporate, for example.

thanx,
	doug

On 26-Mar-04 02:51, Martin Gudgin wrote:

> Pete, Doug,
> 
> Are the ebMS 2.0 transforms just Xpath expressions? Or do they have
> their own transform URI? 
> 
> Gudge 
> 
> 
>>-----Original Message-----
>>From: Pete Wenzel [mailto:pete@seebeyond.com] 
>>Sent: 25 March 2004 21:13
>>To: Doug Bunting
>>Cc: Martin Gudgin; dave.prout@bt.com; ebxml-msg@lists.oasis-open.org
>>Subject: Re: [ebxml-msg] RE: [wsi_secprofile] RE: FW: WSS27 issue
>>
>>The WS-I BSP WG just reversed its previous decision on this issue.
>>The profile will now explictly allow the "enveloped-signature"
>>transform, and will not disallow enveloped signatures via other XPath
>>expressions in general.  New text reflecting this decision will appear
>>in the next Working Group Draft, which should be made public this
>>week.
>>
>>So in addition to further exploring Gudge's direction to determine
>>whether it can be made to fulfill our requirements, we now have the
>>option to continue using something like our ebMS 2.0 transforms yet
>>still conform to the BSP.
>>
>>--Pete
>>Pete Wenzel <pete@seebeyond.com>
>>Senior Architect, SeeBeyond
>>Standards & Product Strategy
>>+1-626-471-6311 (US-Pacific)
>>
>>Thus spoke Doug Bunting (Doug.Bunting@Sun.COM) on Sun, Mar 
>>21, 2004 at 08:30:00PM -0800:
>>
>>>Martin,
>>>
>>>Thank you for your response.  At this point, I feel assured 
>>
>>options are 
>>
>>>available to the ebXML Messaging TC.  I would appreciate 
>>
>>some additional 
>>
>>>explanation however.
>>>...
>>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]