

Subject: RE: [dss] OASIS DSS "Request for Feedback" - Signing Templates


This can happen on KeySelector just as easily as it can on KeyInfo, it is
just a matter of how one instructs the server to create signatures. Besides,
this is more of a SignaturePolicyIdentifier issue a la XAdES (implicit or
explicit). This is a good point, but is not germane to our discussion of
templates. I believe the benefit, especially in the area of complex
Reference/Transform combinations outweighs the very few "slip by the server"
concerns, which should be carefully validated anyway. This I believe is up
to the implementation, after all it is the server that has the last word. But
I see your point about having the core "Warn" implementations to be careful.
It is more a question of over-restrictiveness versus a free-for-all.

Please remember, feedback is being solicited on the core versus profile
decision, not on the virtues/pitfalls of templates.

Ed  

-----Original Message-----
From: Rich Salz [mailto:rsalz@datapower.com] 
Sent: September 13, 2004 6:29 PM
To: Edward Shallow
Cc: kuehne@klup.de; 'OASIS DSS TC'
Subject: RE: [dss] OASIS DSS "Request for Feedback" - Signing Templates

> The template
> approach does not advocate dropping input editing and validation.

One possible concern is that the DSIG spec has a number of extension points
(dsig:Object, for example), and a DSS server has to make sure that the
client hasn't "slipped in" something past the server.  As another concern,
consider a single keypair which has been certified multiple times.
WS-Security and WS-I basic security profile have just been dealing with
this. A template approach might allow a client to identify the "wrong"
signing certificate; for example, the low-liability cert even tho the server
is (only?) authorized to use the high-value, corporate-level, cert.

These are not insoluble problems, but taken overall I think the approach is
too risky to put into the core.  It could require a great deal of
*semantic* understanding, as opposed to lexical/syntactic understanding, of
every request.

	/r$

 --
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
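
The two template concerns raised in this thread (content slipped in through dsig:Object, and a KeyInfo that names the "wrong" certificate) can be checked server-side before signing. The sketch below is an added example, not part of either message and not code from any DSS implementation; the allowlists, function name and certificate placeholders are assumptions, and the transform allowlist goes slightly beyond the two cases discussed.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

def q(name):
    """Qualified ElementTree tag for an XML-DSig element."""
    return f"{{{DS}}}{name}"

# Assumed policy for a hypothetical server: the only elements a client template
# may contain. ds:Object and every foreign-namespace element are left out.
ALLOWED_ELEMENTS = {q(n) for n in (
    "Signature", "SignedInfo", "CanonicalizationMethod", "SignatureMethod",
    "Reference", "Transforms", "Transform", "DigestMethod", "DigestValue",
    "SignatureValue", "KeyInfo", "X509Data", "X509Certificate")}
ALLOWED_TRANSFORMS = {"http://www.w3.org/2001/10/xml-exc-c14n#",
                      DS + "enveloped-signature"}

def template_violations(template_xml, authorized_cert_b64):
    """Return the policy violations found in a client-supplied template."""
    if "<!DOCTYPE" in template_xml:  # refuse DTDs before parsing untrusted XML
        return ["DOCTYPE not accepted"]
    problems = []
    for el in ET.fromstring(template_xml).iter():
        if el.tag not in ALLOWED_ELEMENTS:
            problems.append(f"element not allowed: {el.tag}")
        elif el.tag == q("Transform") and el.get("Algorithm") not in ALLOWED_TRANSFORMS:
            problems.append(f"transform not allowed: {el.get('Algorithm')}")
        elif el.tag == q("X509Certificate"):
            # Compare ignoring base64 line wrapping.
            if "".join((el.text or "").split()) != authorized_cert_b64:
                problems.append("KeyInfo names a certificate other than the authorized one")
    return problems

# Constructed sample: the certificate values are placeholders, not real certificates.
HIGH_VALUE_CERT = "QVVUSE9SSVpFRC1DRVJU"
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}">
  <ds:SignedInfo><ds:Reference URI="#doc"><ds:Transforms>
    <ds:Transform Algorithm="{DS}enveloped-signature"/>
  </ds:Transforms></ds:Reference></ds:SignedInfo>
  <ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>TE9XLUxJQUJJTElUWQ==</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo>
  <ds:Object><extra xmlns="urn:example:client"/></ds:Object>
</ds:Signature>"""

if __name__ == "__main__":
    for problem in template_violations(SAMPLE, HIGH_VALUE_CERT):
        print(problem)
```

A check like this is purely syntactic; it does not supply the semantic understanding of each request that the original message says a template approach could require.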

