[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss-comment] Comments on wss-swa-profile-1.0-cd-01
Brian Thank you for reviewing the SwA profile Committee Draft. I'll try to respond, but there are also others on the list who can add something or correct me if I've got something wrong. (1) The primary issue you point out is the layering issue. I think there are a couple of points to consider here. First, this profile is intended to address the explicit requirement of being able to secure attachments when an application deals with attachments explicitly, using SwA. This does not preclude the use of MTOM. Which is more elegant or appropriate is out of scope. Second, it is necessary to secure some MIME headers to secure the attachment properly. The committee felt that certain MIME headers are exposed to the application, so may be treated as-if at a different layer than others which may be changed during message transport at the MIME layer. Hence the profile attempts to limit which MIME headers may be secured in an attempt to meet the layering goal. I should point out that we treated the layering as a "goal" but not an absolute requirement. Although I sympathize with the layering concern, I think from a pragmatic view this profile outlines a fairly simple way to secure SwA. We discussed the possibility of copying headers into the primary soap envelope (e.g. into a signature object as you suggest) and decided not to do that. We should list this as an issue from public review and discuss it. (2) I believe you are correct, we should state in the profile that the output of both Attachment-Content-Only and Attachment-Complete is an octet-stream. Thanks for pointing this out. (3) You are entirely correct on transforms, and I think we should change this. The goal was to clarify the processing and that commonly a base64 transform would not need to be explicitly called out in the transform chain. Perhaps a non-normative explanation would suffice. Another potential issue for the TC to discuss. (4) The goal is to not *require* XML canonicalization of XML attachment content to enable this SwA profile processing. This does not preclude attachment XML canonicalization if an application deems it necessary for processing (e.g. by an intermediary) and this policy is conveyed to the appropriate parties (as would be necessary in any case). Is this an issue for a bit of clarifying language that such XML canonicalization MAY be performed if participants agree, or am I missing a larger issue? (5) Yes the assumption was that text/xml attachments would be canonicalized as type text. (6) Again, the issue of layering for encryption assumed that certain MIME headers are visible to an application interface so should be treated as content, while others are not and are not included in the encryption. (7) The assumption is that there was no need to discuss interactions with S/MIME security such secured items can be treated as opaque by this SOAP Message security - there is no need to go into such attachments to look at the security mechanisms. The goal here was to use SOAP Message security with SwA. Other TC members may have additional comment. Thanks again, you raise good points. regards, Frederick Frederick Hirsch Nokia -----Original Message----- From: ext Brian LaMacchia [mailto:bal@exchange.microsoft.com] Sent: Friday, February 11, 2005 12:47 PM To: wss-comment@lists.oasis-open.org Subject: [wss-comment] Comments on wss-swa-profile-1.0-cd-01 Dear OASIS WSS TC Members, Here are my comments on wss-swa-profile-1.0-cd-01, the 23 December 2004 Committee Draft 01 version of SOAP Messages with Attachments (SwA) Profile 1.0. In reading this draft I focused primarily on the signature-related sections, in particular Section 4.4, and how this draft uses the W3C XMLDSIG Recommendation (IETF RFC 3275). 1) First, a high-level comment: there's a fundamental conflict in this spec between the layered processing approach described in Section 2 (MIME Processing) and the detailed signature construction rules in Section 4.4.4. Section 2 states quite clearly that the goal of this specification is to define a layering along the lines of: a) Sender SOAP message signature construction b) Sender MIME formatting/serialization c) Message transfer from sender to recipient d) Recipient MIME de-formatting/de-serialization e) Recipient SOAP message signature verification However, the signature construction rules in Section 4.4.4 violate the ordering of (a) and (b) -- they intermix processing steps from both the SOAP and MIME worlds. Section 4.4.4 Steps 1 and 2 state that compliant implementations must first *MIME* canonicalize the to-be-signed content, then construct the SOAP message, form the SOAP signature, and then MIME format the message. This violates the basic layering principle. It would be much better, and in alignment with the XMLDSIG specification, if instead attachment signatures were formed as "detached signatures" in accordance with XMLDSIG and then the detached signature and attachments packages together into a single MIME multipart package. [Note: Doing detached signatures & then packaging is completely straightforward for "Attachment-Content-Only" attachments. For Attachment-Complete attachments, though, it's not so straightforward because as defined in the spec signing an Attachment-Complete attachment explicitly violates the SOAP/MIME layering rules. There seems to be something deeper going on in Section 4.3.2 because I don't understand how the MIME headers can have any signficiance if the layering principle holds true. Either the MIME headers are strictly a side-effect of the MIME-layer packaging, or they are being used in this spec to convey important Attachment-related metadata. If the latter is true, it would be more in line with XMLDSIG to put this metadata either in the Reference itself or in another XML structure within Object elements in main the Signature element.] Section 4.4.5 commits the same layering violation as Section 4.4.4, but in reverse: after de-MIME'ing the received message the MIME type information must be maintained so that the received attachments can be properly MIME-canonicalized before doign XMLDSIG Reference processing. In my view, it should be possible to XMLDSIG sign data that will be transferred in MIME attachments without the XMLDSIG engine needing to know anything about the MIME transport layer. Similarly, the MIME transport layer should not need to have any awareness of the SOAP or XMLDISG-specific nature of the content it (the MIME layer) is transferring. The only touch points between the two layers need be the URIs used in References (the cid: URIs). 2) Now for some lower-level comments. SwA defines two new Transforms for the XMLDSIG Transform processing model (Attachment-Content-Only and Attachment-Complete). In the XMLDSIG Transform processing model (see XMlDSIG Section 4.3.2.2), Transforms either accept XML Node-sets or octet streams; both of these new SwA Transforms appear to be octet-stream input Transforms (although it's not explicitly stated). However, the output format of the SwA Tranforms is not defined because the MIME Content Canonicalization algorithm is not defined (Section 4.4.2 says it varies by MIME type). Since MIME Header Canonicalization (Section 4.4.1) outputs a UTF8-formatted octet stream, I believe the intent is that the output of both Attachment-Content-Only and Attachment-Complete is an octet-stream. This needs to be clarified in the specification if it is the intent of the spec. 3) In Section 4.4.4 (Processing Rules for Attachment Signatures), Step 4, lines 346--348 is confusing. It appears that the intent of this MUST NOT is to instruct implementers that they should not include any Transforms in the Transform chain that deal with MIME encodings, since the MIME encoding/decoding happens at a higher level than the SOAP processing. That's technically correct, but the current wording seems to imply that a Base64 Transform could never show up in a compliant Transform chain, and that's incorrect. After the first Transform (which has to be one of the two types specified in Section 4.3) any valid Transform could appear in the Transform chain and process the output of the Attachment-Content-Only or Attachment-Complete Transform. So, in particular, it's quite possible that a Base64 Transform could show up somewhere in that Transform chain. 4) There appears to be a conflict between two parts of Section 3 (XML Attachments) which is exacerbated by the canonicalization rules (or lack thereof) for text/xml in Section 4.4.2. Section 3, lines 155--157, state that "Attachments might also be...targeted toward specific SOAP intermediaries...", which implies that attachments might have to be processed by intermediaries after the MIME wrapping is removed. However, the following sentence (lines 158---161) says that the specification assumes that SOAP attachments need not be processed as XML, and specifically not XML canonicalized. Furthermore, in Section 4.4.2 we have explicit statements that XML attachments do not need to be XML Canonicalized, just "MIME canonicalized". This restriction means XML attachments must be treated as binary blobs by intermediaries -- they could not be parsed and re-assembled because there's no mandatory canonicalization required for XML content before DigestValue hash generation. (Given the interpretation in (2) above, a conforming application could include an explicit C14N Transform in the Transform chain to make up for this deficiency, but because it's not required for all XML content no intermediary is going to be able to depend on being able to parse, process and re-assembly XML attachment content.) 5) As a side note to (4) above, note that RFC 3023, the current RFC containing the registration for the text/xml MIME type, does not define a canonical form for text/xml. Presumably, then, the canonical form for text/xml inherits from the registration for text as defined in RFC 2046, which only defines canonical CRLF processing for text types. Given these restrictions, XML attachments by default must be handled as opaque binary blobs and it'll be impossible for intermediate nodes to do any processing on them absent specific indications to the contrary in the Transform chain. 6) I have only read through the XMLENC-related sections briefly, but they appear to have similar layering problems/violations. In particular, the fact that MIME headers may be encrypted along with MIME content for a particular Attachment means the layering principle is explicitly violated for encryption. (See, e.g., lines 468--469 in Section 4.5.2.) According to Section 4.5.2, a conforming implementation would need to SOAP-format (but not encrypt) the to-be-sent message, then MIME-format the message, then XMLENC-encrypt soem MIME attachments, then re-format the (now-encrypted) MIME attachments, then re-format the SOAP message. Again, I would ask why MIME is bring treated as anything more than a packaging mechanism for a collection of XML objects that internally have signature & encryption relationships. 7) There is no discussion in this spec about the relationship between SwA signatures & encryption and S/MIME signatures & encryption. What are the processing rules for combining SwA & S/MIME signatures (since a signed SwA message might be re-signed at the MIME level by a MIME intermediary)? In summary, I'd strongly recommend that the WSS TC re-consider the mixed-mode, cross-layering approach they've used for signature generation and instead consider a cleaner architecture that performs SOAP, XMLDSIG & XMLENC processing first, without any reference to the MIME layer, and then uses the MIME layer strictly for transport. I'd be happy to answer any further questions the TC has about these specific comments or the XMLDSIG Recommendation in general. --Brian LaMacchia Co-author, XMLDSIG bal@microsoft.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]