[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] Issue 98: Inconsistencies related to SignedParts/*assertion
> -----Original Message----- > From: Martin Gudgin > Sent: 03 August 2006 08:40 > To: 'Corinna Witt'; Marc Goodner; ws-sx@lists.oasis-open.org > Subject: RE: [ws-sx] Issue 98: Inconsistencies related to > SignedParts/* assertion > > Hi corinna, > > 1. Great. Next round of edits I do to the spec should > incorporate that issue. > > 2. No problem. > > 3./4. Then the service has published a non-sensical policy. > And it should reject all messages that conform to that > policy, because they violate the OnlySignEntireHeadersAndBody > requirement. > > It might be worth adding some text to the description of > SignedElements that points this out. > > Gudge > > > -----Original Message----- > > From: Corinna Witt [mailto:cwitt@bea.com] > > Sent: 02 August 2006 15:45 > > To: Martin Gudgin; Marc Goodner; ws-sx@lists.oasis-open.org > > Subject: RE: [ws-sx] Issue 98: Inconsistencies related to > > SignedParts/* assertion > > > > Hi Gudge, > > > > 1. I'd like to see language added as you suggested, since I > > don't quite > > follow the interpretation you mentioned - I obviously have problems > > interpreting the text as it is now. > > > > (on the 08/02 call issue 98 was moved to 'editorial' to > address this) > > > > 2. Ok, I missed that. Thanks for explaining. > > > > 3./4. Ok - what happens if the Integrity Assertions and > > OnlySignEntireHeadersAndBody contradict each other? (on the > > call it was > > agreed that if there's need to address this, a new issue should be > > raised) > > > > Corinna > > > > -----Original Message----- > > From: Martin Gudgin [mailto:mgudgin@microsoft.com] > > Sent: Thursday, July 27, 2006 3:25 AM > > To: Marc Goodner; Corinna Witt; ws-sx@lists.oasis-open.org > > Subject: RE: [ws-sx] Issue 98: Inconsistencies related to > > SignedParts/* > > assertion > > > > Corinna, > > > > 1. It was felt that explicit text was needed WRT soap:Body to > > ensure that people did not interpret the assertion to mean 'sign the > > child (children) of soap:Body'. Colloquially, some people > refer to the > > child (children) of soap:Body as 'the body of the message'. There > > doesn't seem to be a similar problem for header elements. > When someone > > says 'sign the wsa:ReplyTo header' people seem to understand that it > > covers the wsa:ReplyTo element, it's attributes and content. > > That said, > > I'm not averse to including language similar to that for > soap:Body in > > the description of the sp:Header element. > > > > > > 2. I'm not sure quite what you are asking. There is a boolean > > property, it has a default value of 'false'. To set it to > 'true', put > > the sp:OnlySignEntireHeadersAndBody assertion in the policy. > > There is no > > assertion that sets the value of the property to 'false'. > > > > Note that this is by design. Let's say I have a boolean > > property [Foo], > > with a default value of 'false'. And an assertion m:SetFoo > > that sets the > > value to 'true'. There are two possible policies; > > > > <wsp:Policy/> > > > > and > > > > <wsp:Policy> > > <m:SetFoo/> > > </wsp:Policy> > > > > > > 3. The [Entire Header And Body Signatures] property exists to > > protect against XML rewriting attacks. It essentially tells the > > signature processor that all the references outside the > wsse:Security > > header should be to elements that are either direct children of > > soap:Header or to the soap:Body itself. If this property is > > set to true > > the signature processor can raise an error if any > references are found > > to elements that do not meet this constraint, thus limiting > > the ability > > of an attacker to 'hide' a header by moving it inside some other > > element. > > > > Not also that while SignedParts requires entire headers to > be signed, > > SignedElements does not. > > > > 4. Does my answer to 3. above also address this item? > > > > Cheers > > > > Gudge > > > > > -----Original Message----- > > > From: Marc Goodner [mailto:mgoodner@microsoft.com] > > > Sent: 26 July 2006 23:32 > > > To: Corinna Witt; ws-sx@lists.oasis-open.org > > > Subject: [ws-sx] Issue 98: Inconsistencies related to > > > SignedParts/* assertion > > > > > > Issue 98. > > > > > > ________________________________ > > > > > > From: Corinna Witt [mailto:cwitt@bea.com] > > > Sent: Wed 7/26/2006 12:17 PM > > > To: ws-sx@lists.oasis-open.org > > > Cc: Marc Goodner > > > Subject: NEW ISSUE: Inconsistencies related to > > SignedParts/* assertion > > > > > > > > > > > > PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON > > THREAD UNTIL > > > THE ISSUE IS ASSIGNED A NUMBER. > > > The issues coordinators will notify the list when that > has occurred. > > > > > > Protocol: ws-sp > > > > > > http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.ph > > > p/18837/ws > > > -securitypolicy-1.2-spec-ed-01-r07.pdf > > > > > > Artifact: spec > > > > > > Type: design > > > > > > Title: Inconsistencies related to SignedParts/* assertion > > > > > > Description: > > > > > > 1. Line 605-607 about /SignedParts/Body say "...the entire > > body, that > > > is the soap:Body element, it's attributes and content, of > > the message > > > needs to be integrity protected". Line 608-618 about > > > /SignedParts/Header don't say anything about whether the > > entire header > > > > > needs to be integrity protected. > > > > > > 2. Compare line 1796-1798 about > > > /SymmetricBinding/Policy/OnlySignEntireHeadersAndBody "This > > assertion > > > indicates that the [Entire Header And Body Signatures] > > property is set > > > > > to 'true'." with line 1499-1500 from 6.6 [Entire Header and Body > > > Signatures] Property: "The default value for this property is > > > 'false'." > > > (same thing in asymmetric binding btw.) > > > > > > 3. Assuming both SignedParts/Body and SignedParts/Headers > > are 'entire > > > element' by default and OnlySignEntireHeadersAndBody is true by > > > default, why do we need another assertion with the same default? > > > > > > 4. It seems like a limitation to switch the default for 'entire > > > element integrity protection' for headers and body > wholesale - even > > > more so if they turn out not to have the same default. > > > ______________________________________________________________ > > > _________ > > > Notice: This email message, together with any attachments, may > > > contain information of BEA Systems, Inc., its > subsidiaries and > > > affiliated entities, that may be confidential, proprietary, > > > copyrighted and/or legally privileged, and is intended > > solely for the > > > > > use of the individual or entity named in this message. If > > you are not > > > the intended recipient, and have received this message in error, > > > please immediately return this by email and then delete it. > > > > > > > > > > > ______________________________________________________________ > > _________ > > Notice: This email message, together with any attachments, > > may contain > > information of BEA Systems, Inc., its subsidiaries and > > affiliated > > entities, that may be confidential, proprietary, > > copyrighted and/or > > legally privileged, and is intended solely for the use of the > > individual > > or entity named in this message. If you are not the intended > > recipient, > > and have received this message in error, please immediately > > return this > > by email and then delete it. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]