OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [XML Signature] DSig-01


The SOAP-Dsig NOTE [1] to the W3C carries IPR baggage. It is not being
considered at this time by the XML Protocol WG, nor are there plans to do so
at this time.

In any event, [1] uses an enveloped-signature, not a detached signature when
signing the message as a whole, detached only when the signature applies only to say the
Body element.

Cheers,

Chris

[1]  http://www.w3.org/TR/SOAP-dsig/

Rich Salz wrote:
3BBDD179.39152E83@zolera.com">
Anders Rundgren wrote:
Scott,
In OBI V4 we will use SOAP's way of signing for SOAP-enveloped
messages.

What is SOAP's way of signign? Is it the W3C Note on SOAP Security? If
so, I think there's a good chance it will end up being only marginally
useful -- it provides a way to carry a signature when the application
itself doesn't provide one. Who is going to use that? Either the
application cares about the signature, in which case it should "leave
space" in its XML schemata, or it doesn't care and the SOAP system will
be doing signature validation, in which case it's probably good enough
to use SSL/TLS.
/r$



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC