Subject: RE: [dss] OASIS DSS "Request for Feedback" - Signing Templates
This can happen on KeySelector just as easily as it can on KeyInfo, it is just a matter of how one instructs the server to create signatures. Besides, this is more of a SignaturePolicyIdentifier issue ala XAdES (implicit or explicit). This is a good point, but is not germane to our discussion of templates.

I believe the benefit, especially in the area of complex Reference/Transform combinations, outweighs the very few "slip by the server" concerns, which should be carefully validated anyway.

This I believe is up to the implementation, after all it is the server that has the last word. But I see your point about having the core "Warn" implementations to be careful. It is more a question of over-restrictiveness versus a free-for-all.

Please remember, feedback is being solicited on the core versus profile decision, not on the virtues/pitfalls of templates.

Ed

-----Original Message-----
From: Rich Salz [mailto:rsalz@datapower.com]
Sent: September 13, 2004 6:29 PM
To: Edward Shallow
Cc: kuehne@klup.de; 'OASIS DSS TC'
Subject: RE: [dss] OASIS DSS "Request for Feedback" - Signing Templates

> The template approach does not advocate dropping input editing and validation.

One possible concern is that the DSIG spec has a number of extension points (dsig:Object, for example), and a DSS server has to make sure that the client hasn't "slipped in" something past the server.

As another concern, consider a single keypair which has been certified multiple times. WS-Security and WS-I basic security profile have just been dealing with this. A template approach might allow a client to identify the "wrong" signing certificate; for example, the low-liability cert even tho the server is (only?) authorized to use the high-value, corporate-level, cert.

These are not insoluble problems, but taken overall I think the approach is too risky to put into the core. It could require a great deal of *semantic* understanding, as opposed to lexical/syntactic understanding, of every request.
/r$

--
Rich Salz
Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
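
The two concerns raised in the quoted message (content arriving through dsig:Object and a template naming the wrong certificate for a shared keypair) can be pictured as server-side checks on a client-supplied template. This is an added example, not code from the thread or from any DSS implementation. The allow-list policy, the names `check_template` and `make_template`, and the placeholder certificate bytes are assumptions, and only certificates embedded as `ds:X509Certificate` are examined.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumed policy: the only ds:Signature children a client template may supply.
ALLOWED_CHILDREN = {f"{{{DS}}}{n}" for n in ("SignedInfo", "SignatureValue", "KeyInfo")}

# Constructed sample data: placeholder bytes stand in for DER certificates.
HIGH_VALUE_CERT = b"constructed corporate-level certificate"
LOW_LIABILITY_CERT = b"constructed low-liability certificate"
AUTHORIZED = hashlib.sha256(HIGH_VALUE_CERT).hexdigest()


def check_template(template_xml, authorized_cert_sha256):
    """Return a list of policy violations for a client-supplied ds:Signature template."""
    # ElementTree is used for brevity; untrusted XML calls for a hardened parser.
    root = ET.fromstring(template_xml)
    if root.tag != f"{{{DS}}}Signature":
        return ["root element is not ds:Signature"]
    problems = []
    # Extension points: anything outside the allow-list (ds:Object, foreign
    # namespaces) is content the server did not create and cannot vouch for.
    for child in root:
        if child.tag not in ALLOWED_CHILDREN:
            problems.append(f"unexpected child {child.tag}")
    # Same keypair, several certificates: the named certificate must be the one
    # this server is authorized to sign under, not merely one matching the key.
    for cert in root.iter(f"{{{DS}}}X509Certificate"):
        try:
            der = base64.b64decode("".join((cert.text or "").split()), validate=True)
        except ValueError:
            problems.append("X509Certificate is not valid base64")
            continue
        if hashlib.sha256(der).hexdigest() != authorized_cert_sha256:
            problems.append("KeyInfo names a certificate the server is not authorized to use")
    return problems


def make_template(cert, extra=""):
    """Build a constructed template embedding `cert`, with optional extra children."""
    b64 = base64.b64encode(cert).decode()
    return (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo/><ds:SignatureValue/>'
            f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}</ds:X509Certificate>"
            f"</ds:X509Data></ds:KeyInfo>{extra}</ds:Signature>")
```

Both checks here are syntactic; deciding whether an allowed Reference/Transform combination is acceptable is the semantic part the message refers to and is not attempted.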