[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [ebxml-msg] IBM/Microsoft/Verisign WS-Security spec
For those who have not yet seen the subject document, I'd like to call you attention to it and provide some comments. In brief, WS-Security describes how to apply XML-Signature and XML- Encryption to SOAP messages. In addition, it allows the inclusion of various types of user authentication tokens (username/password pairs, X.509 certificates, Kerberos tokens). WS-Security supercedes the W3C Note "SOAP Security Extensions: Digital Signature" (SOAP-Security). I don't believe there is any difference between SOAP-Security and the Signature portion of WS-Security, other than renaming the container element. Note that the ebXML Messaging 2.0 Signature element is not compatible with either WS-Security or SOAP-Security, as it is an immediate child of <SOAP:Header>, with no additional containment. I suppose that this spec will become more interesting as it goes through the W3C Recommendation track, if that is what the authors plan to do with it. At that point, it could be referenced by ebXML Messaging, and those portions of ebXML Messaging that specify (or will specify in future versions) the relevant security elements could probably disappear. References: Web Services Security (WS-Security) <http://www-106.ibm.com/developerworks/webservices/library/ws-secure/?open&l=740,t=gr> SOAP Security Extensions: Digital Signature (W3C Note) <http://www.w3.org/TR/SOAP-dsig/> --Pete Pete Wenzel <pete@seebeyond.com> SeeBeyond Standards & Product Strategy +1-626-471-6092 (US-Pacific)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC