[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Recently discover WSS security threat
Then you're still just signing the header and not the fact that the header is *directly* inside the soap:Header element. &Thomas. ] -----Original Message----- ] From: Rich Salz [mailto:rsalz@datapower.com] ] Sent: Friday, May 27, 2005 4:48 PM ] To: DeMartini, Thomas ] Cc: Hal Lockhart; wss@lists.oasis-open.org ] Subject: RE: [wss] Recently discover WSS security threat ] ] No, I meant for the whole Ref -- a single, simple XPath transform. ] Finds the only SOAP header with the right ID; multiple ID's will ] fail, missing ID's will fail, and wrapping the header inside a ] wrapper will fail. ] /r$ ] ] -- ] Rich Salz Chief Security Architect ] DataPower Technology http://www.datapower.com ] XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]