
ws-rx message


Subject: RE: [ws-rx] issue 115: clarifying question

I don't disagree; however, it isn't as if there isn't an effective mitigation strategy.

The specification already covers this, starting on line 820 (cd03):

"In order to properly secure messages, the body and all relevant headers need to be included in the signature."

Clearly, this would be a "relevant header", and the specification for foo:SecureRM should have a similar
caveat that strongly recommends that the header be signed with the body.

My principal concern with a wsrm:mustUnderstand is that it changes the parsing/processing model of the
messages from what is currently the case for every SOAP stack. Significantly.

Adding a SOAP header that carries the desired semantic is something that is built into every SOAP
stack. Every one of them. Today. No changes necessary. Adding a "handler" for the mU QName
could be as trivial as adding an entry to a configuration file of SOAP header QNames that are
"understood" by the endpoint. Oh, the complexity. Not!


Christopher Ferris
STSM, Software Group Standards Strategy
email: chrisfer@us.ibm.com
blog: http://www.ibm.com/developerworks/blogs/dw_blog.jspa?blog=440
phone: +1 508 377 9295

Richard Salz/Cambridge/IBM

04/25/2006 08:21 AM

"Gilbert Pilz" <Gilbert.Pilz@bea.com>
Christopher B Ferris/Waltham/IBM@IBMUS, "wsrx" <ws-rx@lists.oasis-open.org>
RE: [ws-rx] issue 115: clarifying question

I think Gil's got a very important point.
SOA Appliances
Application Integration Middleware
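
The two checks described in the message above, as an added example that is not code from the thread or from any SOAP stack: a configured set of "understood" header QNames drives the mustUnderstand decision, and a coverage check confirms that the header is referenced by the same signature as the body. The `urn:example:foo` namespace, the `wsu:Id`-based references and the SOAP 1.1 envelope namespace are assumptions; the check only confirms reference coverage and assumes the WS-Security layer has already verified the signature itself.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted input

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 (assumed)
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
FOO = "urn:example:foo"  # assumed namespace for the thread's foo:SecureRM

# Stand-in for the "configuration file" of header QNames the endpoint understands.
UNDERSTOOD = {f"{{{FOO}}}SecureRM", f"{{{WSSE}}}Security"}
# "Relevant headers" that must be signed together with the Body.
MUST_BE_SIGNED = {f"{{{FOO}}}SecureRM"}

def check_envelope(xml_text):
    """Return a list of problems; an empty list means both checks pass.
    Only reference coverage is checked, not the signature value."""
    env = ET.fromstring(xml_text)
    header = env.find(f"{{{SOAP}}}Header")
    body = env.find(f"{{{SOAP}}}Body")
    # Ids covered by same-document ds:Reference URIs ("#id").
    signed = {r.get("URI", "")[1:] for r in env.iter(f"{{{DS}}}Reference")
              if r.get("URI", "").startswith("#")}
    problems = []
    if body is None or body.get(f"{{{WSU}}}Id") not in signed:
        problems.append("Body not signed")
    for h in (list(header) if header is not None else []):
        must = h.get(f"{{{SOAP}}}mustUnderstand") == "1"
        if must and h.tag not in UNDERSTOOD:
            problems.append(f"MustUnderstand fault: {h.tag}")
        if h.tag in MUST_BE_SIGNED and h.get(f"{{{WSU}}}Id") not in signed:
            problems.append(f"unsigned header: {h.tag}")
    return problems

def sample(refs, extra=""):
    """Constructed envelope; refs lists the wsu:Ids the signature references."""
    r = "".join(f'<ds:Reference URI="#{i}"/>' for i in refs)
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:ds="{DS}" xmlns:wsu="{WSU}" '
            f'xmlns:wsse="{WSSE}" xmlns:foo="{FOO}"><s:Header>'
            f'<foo:SecureRM s:mustUnderstand="1" wsu:Id="h1"/>{extra}'
            f'<wsse:Security s:mustUnderstand="1"><ds:Signature><ds:SignedInfo>'
            f'{r}</ds:SignedInfo></ds:Signature></wsse:Security>'
            f'</s:Header><s:Body wsu:Id="b1"/></s:Envelope>')

if __name__ == "__main__":
    print(check_envelope(sample(["b1", "h1"])))  # header signed with the body
    print(check_envelope(sample(["b1"])))        # body signed, header not
```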
