OASIS Mailing List Archives

ebxml-msg-chair message


Subject: WSS discussion on IDs, MITM, plain brown wrapper and policies about unsigned arriving body and/or headers


There has been an interesting thread over in the OASIS WSS group this week apparently starting at

http://lists.oasis-open.org/archives/wss/200505/msg00093.html

Specific combinations of ds:Reference tricks using fragment URIRefs, header additions and encapsulations, and MU semantics are mentioned that can produce some definite hazards when using WSS.

 

Many of these concerns resemble those that led ebMS 2.0 to take a very strict approach to signing conventions and transforms for ebMS messages.

 

Now that we are looking at using WSS because it has an approach to mixing XML Encryption and XML Digital Signature that we postponed during ebMS 2.0 discussions, it would be good to consider the specific policy conventions on WSS-level signing for ebMS 3.0 messages. There are some good new details here that we need to have default working solutions for. We may need to have both an enveloped signature (similar to that in 2.0), and the detached signature typical for WSS and WS-I BSP. The latter may need some special cautionary notes.

 

Dale Moberg


