
Subject: NEW ISSUE: Inconsistencies related to SignedParts/* assertion


PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
THE ISSUE IS ASSIGNED A NUMBER.
The issues coordinators will notify the list when that has occurred.

Protocol: ws-sp 

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/18837/ws-securitypolicy-1.2-spec-ed-01-r07.pdf

Artifact: spec

Type: design

Title: Inconsistencies related to SignedParts/* assertion 

Description:

1. Lines 605-607 about /SignedParts/Body say "...the entire body, that is
the soap:Body element, it's attributes and content, of the message needs
to be integrity protected". Lines 608-618 about /SignedParts/Header don't
say anything about whether the entire header needs to be integrity
protected.

2. Compare lines 1796-1798 about
/SymmetricBinding/Policy/OnlySignEntireHeadersAndBody "This assertion
indicates that the [Entire Header And Body Signatures] property is set
to 'true'." with lines 1499-1500 from 6.6 [Entire Header and Body
Signatures] Property: "The default value for this property is 'false'."
(same thing in asymmetric binding btw.)

3. Assuming both SignedParts/Body and SignedParts/Headers are 'entire
element' by default and OnlySignEntireHeadersAndBody is true by default,
why do we need another assertion with the same default? 

4. It seems like a limitation to switch the default for 'entire element
integrity protection' for headers and body wholesale - even more so if
they turn out not to have the same default.