
Subject: RE: Issue pr005 - WS-Discovery - SignedInfo element is not in XML-C14N canonical form

Please find the attached proposal to address this issue. The changes are purely editorial.





From: Ram Jeyaraman [mailto:Ram.Jeyaraman@microsoft.com]
Sent: Friday, February 27, 2009 2:45 PM
To: ws-dd@lists.oasis-open.org
Subject: [ws-dd] Issue pr005 - WS-Discovery - SignedInfo element is not in XML-C14N canonical form


This issue is assigned the number pr005. For further discussions on this issue, please refer to this issue number or use this thread.


From: Jay A. Treptow [mailto:jay@treptows.net]
Sent: Thursday, February 26, 2009 6:23 PM
To: ws-dd-comment@lists.oasis-open.org
Subject: [ws-dd-comment] WS-DD 1.1 2009/01


Below are comments on the Web Services Dynamic Discovery (WS-Discovery) Version 1.1 Public Review Draft 01 28 January 2009.


Section 8.2 Compact Signature Format:

The SignedInfo element in the example expanded compact signature in Table 14 is not in XML-C14N canonical form.  Specifically, it does not contain end tags for elements that only have attributes and no value.  I believe this is misleading for someone trying to correctly create the string to sign.  I think that the example should be in canonicalized form, or at a minimum there should be a note that states that it is not in canonicalized form.  Below I have inserted what I believe to be the correct form.

Table 14 canonicalized:


(02)    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"

(03)    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >

(04)<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#ID1"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="i" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>ODE3NDkyNzI5</ds:DigestValue></ds:Reference></ds:SignedInfo>

(05)  <ds:SignatureValue>ru5Ef76xGz5Y5IB2iAzDuMvR5Tg=</ds:SignatureValue>

(06)  <ds:KeyInfo>

(07)    <wsse:SecurityTokenReference>

(08)      <wsse:KeyIdentifier>Dx42/9g=</wsse:KeyIdentifier>

(09)    </wsse:SecurityTokenReference>

(10)  </ds:KeyInfo>






Jay Treptow
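
The empty-element point raised in the comment above, as an added example that is not part of the original thread or of the WS-Discovery specification: it canonicalizes a constructed, reduced SignedInfo and compares the digest of the text as printed with the digest of the canonical octets. It uses Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) as a stand-in for the Exclusive C14N named on the page; the fragment, the `xmlns:ds` declaration placed on it, and the function names are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed input: a reduced SignedInfo typed the way a spec table might
# print it, using empty-element tags. xmlns:ds is declared on the fragment
# itself so that it parses stand-alone.
AS_PRINTED = (
    f'<ds:SignedInfo xmlns:ds="{DS}">'
    f'<ds:CanonicalizationMethod Algorithm="{EXC}"/>'
    f'<ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>'
    f'<ds:Reference URI="#ID1">'
    f'<ds:DigestMethod Algorithm="{DS}sha1"/>'
    f'<ds:DigestValue>ODE3NDkyNzI5</ds:DigestValue>'
    f'</ds:Reference>'
    f'</ds:SignedInfo>'
)


def canonical_bytes(xml_text: str) -> bytes:
    # ElementTree's C14N 2.0 writer (Python 3.8+), a stand-in for the
    # Exclusive C14N the page names; both expand empty elements the same way.
    return ET.canonicalize(xml_text).encode("utf-8")


def sha1_b64(data: bytes) -> str:
    # SHA-1 only because the page's example names rsa-sha1 / sha1.
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def compare(xml_text: str) -> dict:
    """Compare what a signer would hash from the printed text with the canonical octets."""
    printed = xml_text.encode("utf-8")
    canon = canonical_bytes(xml_text)
    return {
        "printed_is_canonical": printed == canon,
        "empty_element_tags_in_printed": printed.count(b"/>"),
        "empty_element_tags_in_canonical": canon.count(b"/>"),
        "digest_printed": sha1_b64(printed),
        "digest_canonical": sha1_b64(canon),
    }


if __name__ == "__main__":
    print(compare(AS_PRINTED), canonical_bytes(AS_PRINTED).decode(), sep="\n")
```

A signer that hashes the printed text and a verifier that hashes the canonical octets compute different digests over the same SignedInfo, so the signature does not verify.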




