[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 145 - WS-Discovery - Editorial: clariy that the securityheader should not be signed
|
This issue is assigned the number 145. For further
discussions on this issue, please refer to this issue number or use this
thread. From: Vipul Modi This is an editorial clarification issue. Issue: When signing the message the security header
should not be signed, however its children can be signed. This is already
specified currently in the specification but it is not clear that the security
header itself should not be signed. Following is the existing text. Since the
security header is a SOAP header the following text could be interpreted as “it
is legal to sign the security header” d:Security/d:Sig/@Refs Parts of the message that have been
canonicalized and digested. Each part is referenced by @d:Id (see above). Only immediate children of the
security header, top-level SOAP header blocks (/s:Envelope/s:Header/*),
and the full SOAP Body (/s:Envelope/s:Body) can
be referenced in this list. The value is a space-separated list of IDs to
elements within the message.
Proposal: Replace the above text with following. d:Security/d:Sig/@Refs Parts of the message that have been
canonicalized and digested. Each part is referenced by @d:Id (see above). Only immediate children of the
security header, top-level SOAP header blocks other
that the security header (/s:Envelope/s:Header/*), and the full SOAP
Body (/s:Envelope/s:Body) can be referenced in this list. The value is a
space-separated list of IDs to elements within the message. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]