[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-bindings] SOAP Profile draft
> I am afraid I am missing something here. We are, of course, > just trying to incorporate the <dsig:Signature> element from > XML-DSIG as a header within SOAP. Technically speaking there is > no such thing as a "type dsig:Signature". Right, sorry, I meant SignatureType, as in <element name="Signature" type="dsig:SignatureType"/> but defined *within the SAML namespace.* I think it is a mistake to use "dsig:Signature" as the element name because it is too generic. I claim the disg:Signature element should never be used as a toplevel element, but rather only within some other element which defines context. Suppose I have a SOAP message where the body is signed, and then there are signed SAML assertions, and (for some reason) SOAP Security Extensions are used to sign the overall soap message. That means there could be three "dsig:Signature" elements in the header, and if I would have to parse all three to determine which one I want. Now, in fact, that might/probably not happen. If you read the SOAP Sec spec (http://www.w3.org/TR/SOAP-dsig), you'll see that they define their own namespace to hold the XML DSIG. Precisely to avoid the problem I'm describing. Hope this helps. /r$ -- Zolera Systems, Your Key to Online Integrity Securing Web services: XML, SOAP, Dig-sig, Encryption http://www.zolera.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC