OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [ebxml-msg] IBM/Microsoft/Verisign WS-Security spec


For those who have not yet seen the subject document, I'd like to call
you attention to it and provide some comments.

In brief, WS-Security describes how to apply XML-Signature and XML-
Encryption to SOAP messages.  In addition, it allows the inclusion of
various types of user authentication tokens (username/password pairs,
X.509 certificates, Kerberos tokens).

WS-Security supercedes the W3C Note "SOAP Security Extensions: Digital
Signature" (SOAP-Security).  I don't believe there is any difference
between SOAP-Security and the Signature portion of WS-Security, other
than renaming the container element.

Note that the ebXML Messaging 2.0 Signature element is not compatible
with either WS-Security or SOAP-Security, as it is an immediate child
of <SOAP:Header>, with no additional containment.

I suppose that this spec will become more interesting as it goes
through the W3C Recommendation track, if that is what the authors plan
to do with it.  At that point, it could be referenced by ebXML
Messaging, and those portions of ebXML Messaging that specify (or will
specify in future versions) the relevant security elements could
probably disappear.

References:

Web Services Security (WS-Security)
  <http://www-106.ibm.com/developerworks/webservices/library/ws-secure/?open&l=740,t=gr>
SOAP Security Extensions: Digital Signature (W3C Note)
  <http://www.w3.org/TR/SOAP-dsig/>

--Pete
Pete Wenzel <pete@seebeyond.com>
SeeBeyond
Standards & Product Strategy
+1-626-471-6092 (US-Pacific)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC