OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ebxml-msg] WSI signatures propsal & impact on ebXML Messaging

First, the WSI BSP is not ratified yet.

Second, if WSI were to prohibit WSS signatures using xmldsig enveloped
signatures, ebXML users could fall back to the ebMS 2.0 signature
mechanisms if they wanted to have enveloped signatures (that also
included the current xpath filtering that allows intermediary added
signatures). I think ensuring that this option is available depends on
what we do in creating the ebMS 3.0 header definition. 

ebMS 3.0 users wishing to use _only_ the wsse:security header blocks in
a wsi conforming manner may therefore not have precisely the same
functionality as had existed in ebMS 2.0. 

But, theoretically, an ebMS 2.0 signature in an ebXML header could be
combined with a future ebMS 3.0 approach that uses wsse:security header
blocks (supposing someone invents a use case for that combination!) In
other words, ebMS 3.0 could use wsse:security header blocks in a wsi
conformant way, but also allow the ebMS 2.0 signature mode in its header
when that functionality was desired. I think that an ebMS 2.0 style
signature mode would typically fail for some cases where the
wsse:security detached signature succeeds. So I suspect that users would
opt for one rather than the other mechanism. But because ebMS header
blocks containing signatures would fall under a wsi extension point, I
don't think they would count as breaking any wsi conformance

I think that whatever wsi consensus gets established for use of
wsse:security header blocks can be satisfied by ebMS v 3.0. So it may
not be possible to get all the requirements that are currently satisfied
when using the ebMS 2.0 security approach also satisfied when using a
wsi-conforming, wsse:security-using message. But I am not clear that I
see why that would necessarily has to be a problem.

Dale Moberg

-----Original Message-----
From: ian.c.jones@bt.com [mailto:ian.c.jones@bt.com] 
Sent: Wednesday, March 17, 2004 6:39 AM
To: ebxml-msg@lists.oasis-open.org
Subject: [ebxml-msg] WSI signatures propsal & impact on ebXML Messaging
Importance: Low

TC members,


           I have been forwarded the following from people attending the
WSI meeting this week about using detached signatures as part of their
profile.   As the current version 2 specification uses enveloped
signatures I would appreciate any comments from those of you that
understand the issue better than I.  This decision will obviously affect
any version 3 work that relates to security and WSI profile(s) these are
items under consideration for inclusion.


          Please forward to any parties that may have a view on this


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]