Subject: Re: Issue 84 - Use of Decryption Transform
"Hal Lockhart" <hlockhar@bea.com> wrote on 11/10/2004 02:45:11 PM:

> I believe the summary of this issue given at the last meeting was
> inaccurate or at least confusing. It has been dormant so long, I had
> forgotten what it was about. Here is what I believe the situation is.
>
> The decryption transform was invented to allow the xml signature and
> xml encryption specifications to be combined, when not using a
> scheme like WSS to specify the order of overlapping operations. The
> decryption transform essentially says to the receiver, before you
> check this signature you must decrypt the data and thus verify the
> signature over the cleartext.
>
> My position for some time has been that the order of encryption and
> signature elements in the security header can specify any ordering
> that the decryption transform can, so it is unneeded in WSS. As a
> general principle, I oppose having two ways to do exactly the same thing.

When there is one security header and no non-WSS XML sig/enc performed in other headers, the order of processing can be determined by the order of the signature and encryption elements within the security header - no argument there.

When there is more than one security header, the decryption transform may be necessary to provide the processing order required to verify a signature that references elements that may have been encrypted for other roles/actors prior or subsequent to the application of the signature. Since one SOAP Node may perform multiple role(s)/actor(s), this information could be used by that node to:

a) order the role/actor processing, or
b) to reroute the message to another node.

> (Note, this prohibition only applies to signatures in the security
> header. Applications can include signatures which specify the
> decryption transform in the body. WSS will neither prohibit nor process these.)

Do you presume that all WSS processing would occur for all roles/actors before any application level XML sig/enc processing at any role/actor? Even in a case with only one security header, there could be other headers targeted to roles/actors that use non-WSS XML sig/enc where the transform could be used to avoid conflict.

> When this was last discussed, Tony claimed there was a usecase in
> which the decryption transform was required. I have been waiting to
> see that usecase. If there is one, I will be happy to agree to
> allowing the use of the decryption transform. Last week I spoke to
> Mike McIntosh privately and he indicated that he intends to describe
> the usecase.

To summarize my position:

a) the transform is NOT needed when all potentially overlapping XML sig/enc is described in one security header.
b) the transform MAY be needed when some potential exists for overlapping XML sig/enc:
   b.1) purely at the application level (out of scope),
   b.2) between two security headers (in scope),
   b.3) between a security header and application level (in scope).

> In any event, I do not believe this is my action item.
>
> Hal
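
The ordering question discussed in this message, as an added example that is not part of the original e-mail or of the WSS specification: a Python model in which HMAC-SHA256 stands in for an XML Signature and marked Base64 stands in for XML Encryption. The function names, the roles "A" and "B" and the key are all constructed; the model assumes new elements are prepended to a role's security header and that nothing outside the headers records the order of operations across headers.

```python
import base64, hashlib, hmac
from itertools import permutations

KEY = b"constructed-demo-key"  # constructed sample key

def sign(body):
    # HMAC-SHA256 stands in for an XML Signature over the body (assumption).
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def encrypt(body):
    # Marked Base64 stands in for XML Encryption (assumption, not real crypto).
    return b"ENC:" + base64.b64encode(body)

def decrypt(body):
    if not body.startswith(b"ENC:"):
        raise ValueError("body is not encrypted")
    return base64.b64decode(body[4:])

def send(body, ops):
    """Apply (role, op) pairs in order, prepending each element to that role's header."""
    headers = {}
    for role, op in ops:
        if op == "sign":
            entry = ("Signature", sign(body))
        else:
            body, entry = encrypt(body), ("EncryptedKey", None)
        headers.setdefault(role, []).insert(0, entry)
    return headers, body

def process(header, body):
    """Walk one security header top to bottom; return (body, all signatures verified)."""
    ok = True
    for kind, value in header:
        if kind == "EncryptedKey":
            body = decrypt(body)
        else:
            ok = ok and hmac.compare_digest(value, sign(body))
    return body, ok

def verifying_role_orders(headers, body):
    """Role orders, for a node holding every role, under which all signatures verify."""
    good = []
    for order in permutations(sorted(headers)):
        current, ok = body, True
        for role in order:
            current, role_ok = process(headers[role], current)
            ok = ok and role_ok
        if ok:
            good.append(order)
    return good

def layout(headers):
    # Element kinds per role, without signature values.
    return {role: [kind for kind, _ in hdr] for role, hdr in headers.items()}
```

With one header the element order alone recovers the sender's sequence; with two headers, sign-then-encrypt and encrypt-then-sign produce the same header layout but verify only under opposite role orders.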