OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Recently discover WSS security threat

Then you're still just signing the header and not the fact that the
header is *directly* inside the soap:Header element.

&Thomas.

] -----Original Message-----
] From: Rich Salz [mailto:rsalz@datapower.com]
] Sent: Friday, May 27, 2005 4:48 PM
] To: DeMartini, Thomas
] Cc: Hal Lockhart; wss@lists.oasis-open.org
] Subject: RE: [wss] Recently discover WSS security threat
] 
] No, I meant for the whole Ref -- a single, simple XPath transform.
] Finds the only SOAP header with the right ID; multiple ID's will
] fail, missing ID's will fail, and wrapping the header inside a
] wrapper will fail.
] 	/r$
] 
] --
] Rich Salz                  Chief Security Architect
] DataPower Technology       http://www.datapower.com
] XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]