This issue is assigned the number 080. For further
discussions on this issue, please refer to this issue number or use this
thread.
From: Scott de Deugd
[mailto:dedeugd@us.ibm.com]
Sent: Tuesday, October 28, 2008 6:05 AM
To: Ram Jeyaraman
Subject: New Issue: Secure all WSA related headers
--------------------------------------------------------------------------------------------------------------------------------
Please defer discussions on this issue until a time this issue is accepted and
is assigned a number.
Description:
Document: DPWS Version 1.0
Line number 927
Owner: Scott de Deugd
Description:
Spec Change:
Section 7.1.1 has:
R4000: A SERVICE MUST not send a SOAP ENVELOPE without protecting the integrity
of any Message Information Header blocks matching the following XPath
expressions: (a) /soap:Envelope/soap:Header/wsa:Action, (b)
/soap:Envelope/soap:Header/wsa:MessageID, (c)
/soap:Envelope/soap:Header/wsa:To, (d) /soap:Envelope/soap:Header/wsa:ReplyTo,
(e) /soap:Envelope/soap:Header/wsa:RelatesTo.
This does not appear to include reference parameters ffrom the [desitnaiton]
EPR.
Proposed Resolution (changes in red):
R4000: A SERVICE MUST not send a SOAP ENVELOPE without protecting the integrity
of any Message Information Header blocks matching the following XPath
expressions: (a) /soap:Envelope/soap:Header/wsa:Action, (b)
/soap:Envelope/soap:Header/wsa:MessageID, (c)
/soap:Envelope/soap:Header/wsa:To, (d) /soap:Envelope/soap:Header/wsa:ReplyTo,
(e) /soap:Envelope/soap:Header/wsa:RelatesTo and (f)
/soap:Envelope/soap:Header/*[@isReferenceParameter='true'].