[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [XML Signature] DSig-01
Rich, You may be right, but I'm not sure. Actually we may both be right! >What is SOAP's way of signign? Is it the W3C Note on SOAP Security? If >so, I think there's a good chance it will end up being only marginally >useful -- it provides a way to carry a signature when the application >itself doesn't provide one. Who is going to use that? Well, if we take e-business, I don't see the point in having a Signature element in every business messages (are such *applications* BTW?). It seems simpler (or at least much cleaner) to keep business contents free from security "junk". I'm sure MSFT and IBM thought of that when they did this note (probably based on the formula: e-business = mainstream). In my opinion an assertion is just another "business message" (it is in OBI V4), but you may naturally see this differently. Or does the signature have a closer "relation" to the assertion in SAML, than a signature enclosing a Purchase Order has? >Either the application cares about the signature, in which case it should "leave >space" in its XML schemata, or it doesn't care and the SOAP system will >be doing signature validation, in which case it's probably good enough >to use SSL/TLS. Well, the SAML Signature element is *optional* (for reasons we all know of...) so in which way is this different than having an optionally enclosing container? Regards Anders
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC