[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ebxml-msg] RE: [wsi_secprofile] RE: FW: WSS27 issue
Martin, The dsig:Signature element the specification (2.0) presently describes includes three transformations. No transform URIs that are not in the XML Digital Signature recommendation, just: <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> <XPath> not ( ancestor-or-self::()[@SOAP:actor="urn:oasis:names:tc:ebxml-msg:actor:nextMSH"] | ancestor-or-self::()[@SOAP:actor="http://schemas.xmlsoap.org/soap/actor/next"] ) </XPath> </Transform> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> We are hoping to migrate to using a WSS Signature with 3.0 and, I believe, could use very different transformations that result in a similar set of successful validations. Your earlier suggestion of ignoring all headers except those without a soap:actor attribute or identifying the ultimate destination with that attribute is a good one that I think we could incorporate, for example. thanx, doug On 26-Mar-04 02:51, Martin Gudgin wrote: > Pete, Doug, > > Are the ebMS 2.0 transforms just Xpath expressions? Or do they have > their own transform URI? > > Gudge > > >>-----Original Message----- >>From: Pete Wenzel [mailto:pete@seebeyond.com] >>Sent: 25 March 2004 21:13 >>To: Doug Bunting >>Cc: Martin Gudgin; dave.prout@bt.com; ebxml-msg@lists.oasis-open.org >>Subject: Re: [ebxml-msg] RE: [wsi_secprofile] RE: FW: WSS27 issue >> >>The WS-I BSP WG just reversed its previous decision on this issue. >>The profile will now explictly allow the "enveloped-signature" >>transform, and will not disallow enveloped signatures via other XPath >>expressions in general. New text reflecting this decision will appear >>in the next Working Group Draft, which should be made public this >>week. >> >>So in addition to further exploring Gudge's direction to determine >>whether it can be made to fulfill our requirements, we now have the >>option to continue using something like our ebMS 2.0 transforms yet >>still conform to the BSP. >> >>--Pete >>Pete Wenzel <pete@seebeyond.com> >>Senior Architect, SeeBeyond >>Standards & Product Strategy >>+1-626-471-6311 (US-Pacific) >> >>Thus spoke Doug Bunting (Doug.Bunting@Sun.COM) on Sun, Mar >>21, 2004 at 08:30:00PM -0800: >> >>>Martin, >>> >>>Thank you for your response. At this point, I feel assured >> >>options are >> >>>available to the ebXML Messaging TC. I would appreciate >> >>some additional >> >>>explanation however. >>>... >>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]