

Subject: RE: [ws-dd-comment] WS-DD 1.1 2009/01; WS-DD Issue #PR005


Dear Mr. Treptow:

 

Thank you very much for submitting your comment on WS-Discovery during the current public review period regarding Section 8.2 Compact Signature Format. It was assigned issue number PR005 for tracking purposes.

 

The WS-DD Technical Committee reviewed your comment and agreed that clarification is appropriate in Section 8.2. The editorial change made clarifies that Table 14 shows the expanded signature corresponding to the compact signature in Table 13, and is not intended to show the C14N canonicalized form. The working draft showing the change can be found at http://www.oasis-open.org/committees/download.php/31715/wsdd-discovery-1.1-spec-wd-07.docx.

 

We appreciate your help in making the WS-Discovery specification as clear as possible, and welcome any further comments you may have.

 

Best regards,

 

Toby Nixon

Co-Chair, OASIS WS-DD Technical Committee

 


From: Jay A. Treptow [mailto:jay@treptows.net]

Sent: Thursday, February 26, 2009 6:23 PM

To: ws-dd-comment@lists.oasis-open.org

Subject: [ws-dd-comment] WS-DD 1.1 2009/01

 

Below are comments on the Web Services Dynamic Discovery (WS-Discovery) Version 1.1 Public Review Draft 01 28 January 2009.

 

Section 8.2 Compact Signature Format:

 

The SignedInfo element in the example expanded compact signature in Table 14 is not in XML-C14N canonical form.  Specifically, it does not contain end tags for elements that only have attributes and no value.  I believe this is misleading for someone trying to correctly create the string to sign.  I think that the example should be in canonicalized form, or at a minimum there should be a note that states that it is not in canonicalized form.  Below I have inserted what I believe to be the correct form.

 

Table 14 canonicalized:

 

<ds:Signature
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#ID1"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="i" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>ODE3NDkyNzI5</ds:DigestValue></ds:Reference></ds:SignedInfo>
  <ds:SignatureValue>ru5Ef76xGz5Y5IB2iAzDuMvR5Tg=</ds:SignatureValue>
  <ds:KeyInfo>
    <wsse:SecurityTokenReference>
      <wsse:KeyIdentifier>Dx42/9g=</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
</ds:Signature>

 

======================

Jay Treptow

jay@treptows.net

======================

 

Toby Nixon  |  Senior Standards Program Manager  |  Windows Device and Storage Technologies  |  Microsoft Corporation

toby.nixon@microsoft.com  |  www.microsoft.com | V: +1 425 706 2792  |  M: +1 206 790 6377  |  F: +1 425 708 4811
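
The point raised in the comment above, as an added example that is not part of the original messages or the specification: hashing a SignedInfo exactly as a non-canonical example prints it gives a different digest from hashing its canonical octets, so a signer who copies the printed form produces a signature that will not verify. Assumptions: the self-closing input is constructed from the elements quoted in the message, and Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0) stands in for the exclusive C14N named in the signature; both write empty elements as start/end tag pairs.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed input: the SignedInfo from the message above, written the way a
# non-canonical example would print it (empty elements as <x/>). xmlns:ds is
# declared on SignedInfo only so that the fragment parses on its own.
SELF_CLOSING = (
    f'<ds:SignedInfo xmlns:ds="{DS}">'
    f'<ds:CanonicalizationMethod Algorithm="{EXC}"/>'
    f'<ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>'
    '<ds:Reference URI="#ID1"><ds:Transforms>'
    f'<ds:Transform Algorithm="{EXC}">'
    f'<ec:InclusiveNamespaces PrefixList="i" xmlns:ec="{EXC}"/>'
    '</ds:Transform></ds:Transforms>'
    f'<ds:DigestMethod Algorithm="{DS}sha1"/>'
    '<ds:DigestValue>ODE3NDkyNzI5</ds:DigestValue>'
    '</ds:Reference></ds:SignedInfo>'
)


def canonical_bytes(xml_text: str) -> bytes:
    """Return the canonical UTF-8 octets, i.e. the bytes a signer must hash.

    Assumption: C14N 2.0 (stdlib) is used here instead of exclusive C14N.
    """
    return ET.canonicalize(xml_text).encode("utf-8")


def compare(xml_text: str) -> dict:
    """Digest the text as printed and its canonical form (SHA-1, as in the page's SignatureMethod)."""
    raw = xml_text.encode("utf-8")
    canon = canonical_bytes(xml_text)
    raw_digest = hashlib.sha1(raw).hexdigest()
    canon_digest = hashlib.sha1(canon).hexdigest()
    return {
        "canonical": canon.decode("utf-8"),
        "raw_digest": raw_digest,
        "canonical_digest": canon_digest,
        "digests_match": raw_digest == canon_digest,
    }


if __name__ == "__main__":
    result = compare(SELF_CLOSING)
    # The canonicalizer expands every <x/> to <x></x>; it also writes the
    # xmlns:ec declaration ahead of the PrefixList attribute.
    print(result["canonical"])
    print("hash of text as printed :", result["raw_digest"])
    print("hash of canonical octets:", result["canonical_digest"])
```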

 


