Subject: Re: [wss] examples of signing element(s) in security header
It seems to be solved. (Thanks, Thomas)

For key-bearing elements, the following rule will be applied:
| key-bearing element SHOULD be ordered to precede the key-using Element:

For a Timestamp element, if I assume the following steps:
- make a Timestamp element
- sign the Timestamp element and the SOAP body (producing a Signature element)
- put the Timestamp element and the Signature element in the Security header at a time
then, both orderings are possible.

---
Toshi

At Tue, 01 Feb 2005 19:13:34 +0900, NISHIMURA Toshihiro wrote:
> We have the following prepending rule (RECOMMENDATION):
> | As elements are added to a <wsse:Security> header block, they SHOULD
> | be prepended to the existing elements.
>
> When we want to add a security timestamp and sign it, according to the
> rule above, we should prepend Timestamp element first and then prepend
> Signature element. The structure would be:
>   <wsse:Security>
>     <ds:Signature> (signing the Timestamp)
>     <wsu:Timestamp> (to be signed)
>
> But, current example in chapter 11 of core has following structure:
>   <wsse:Security>
>     <wsu:Timestamp wsu:Id="T0">
>     <ds:Signature>
>       <ds:SignedInfo>
>         <ds:Reference URI="#T0">
>
> Similarly, when we want to sign a token (or token reference) in the
> same Security header, we should prepend the token (reference) first
> and then prepend Signature element.
>   <wsse:Security>
>     <ds:Signature> (signing the token (reference))
>     <some token (reference)> (to be signed)
> Current examples in the following documents/sections do not have the
> elements in this order.
> - core / section 8.3
> - X.509 profile / section 3.3.2
> - REL profile / section 3.4 (the second and the third examples in
>   this section)
> - SAML profile / section 3.3.3 and section 3.4.2.3
>
> Am I misunderstanding something?
> Or should these examples be corrected in errata?
> ---
> NISHIMURA Toshihiro (FAMILY Given)
> nishimura.toshi@jp.fujitsu.com
> STRATEGY AND TECHNOLOGY DIV., SOFTWARE GROUP, FUJITSU LIMITED
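
The ordering discussed in this thread can be checked mechanically. The following Python is an added example, not part of the messages above or of the WSS documents: for each Signature in a Security header it reports whether the same-header elements it refers to come before or after it, and flags only a key-bearing element that follows its Signature. It assumes the key is referenced through wsse:SecurityTokenReference/wsse:Reference with a "#id" URI; `check_order`, `header` and the skeleton elements are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
ID = f"{{{WSU}}}Id"

def check_order(header_xml):
    """Return (kind, target_id, 'before'|'after', ok) per same-header reference."""
    children = list(ET.fromstring(header_xml))
    # Index of every direct child of the header that carries a wsu:Id
    pos = {c.get(ID): i for i, c in enumerate(children) if c.get(ID)}
    findings = []
    for i, child in enumerate(children):
        if child.tag != f"{{{DS}}}Signature":
            continue
        # "key": token the signature takes its key from; "signed": data it covers
        uses = [("key", r) for r in child.iterfind(f"{{{DS}}}KeyInfo//{{{WSSE}}}Reference")]
        uses += [("signed", r) for r in child.iterfind(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")]
        for kind, ref in uses:
            target = ref.get("URI", "").lstrip("#")
            if target not in pos:
                continue  # e.g. the SOAP body, which lives outside this header
            place = "before" if pos[target] < i else "after"
            # Only key-bearing elements SHOULD precede; signed-only ones may go either way
            ok = place == "before" if kind == "key" else True
            findings.append((kind, target, place, ok))
    return findings

# Constructed skeleton elements (no digests or signature values), for ordering only
NS = f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}"'
SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#T0"/><ds:Reference URI="#body"/>'
       '</ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>'
       '<wsse:Reference URI="#X509"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>')
TS = '<wsu:Timestamp wsu:Id="T0"/>'
TOKEN = '<wsse:BinarySecurityToken wsu:Id="X509"/>'

def header(*parts):
    return f"<wsse:Security {NS}>{''.join(parts)}</wsse:Security>"

if __name__ == "__main__":
    for parts in ((TOKEN, TS, SIG), (TOKEN, SIG, TS), (SIG, TS, TOKEN)):
        print(check_order(header(*parts)))
```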