Subject: RE: [ws-sx] Issue 114: Additional algorithm properties, assertions and references needed
Frederick,

I'm sorry this is so late. Here are my comments/questions;

a1. I don't see the need for an explicit assertion to indicate Exclusive C14N without comments. The current design works fine in terms of policy matching.

a2. I don't see the need to support WithComments versions of either Exclusive or Inclusive C14N. As and when such a need arises, assertions could be defined at that point (i.e. outside this TC).

a3. I don't understand this item. The SOAP Normalization Transform defines the mapping of boolean attributes such as soap12:mustUnderstand as "1" -> "true". If you don't perform that mapping, you are not using the SOAP Normalization Transform...

a4. I don't see a need for such a property at this point. Again, if a need arises in the future a property (and associated assertions) can be defined.

b. I agree we should have references to the various specs.

c. I don't see a need for this either. Again if such a need arose a property and assertions could be defined at that point.

Gudge

-----Original Message-----
From: Marc Goodner [mailto:mgoodner@microsoft.com]
Sent: Thursday, October 05, 2006 9:29 AM
To: Frederick Hirsch; WS-SX OASIS
Subject: [ws-sx] Issue 114: Additional algorithm properties, assertions and references needed

Issue 114

-----Original Message-----
From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
Sent: Thursday, October 05, 2006 6:31 AM
To: WS-SX OASIS
Cc: Hirsch Frederick; Marc Goodner
Subject: NEW Issue: Additional algorithm properties, assertions and references needed

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.
The issues coordinators will notify the list when that has occurred.

Protocol: ws-sp
WS-SecurityPolicy 1.2, Editors Draft 01, 01 September 2006
ws-securitypolicy-1.2-spec-ed-10
<http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/20579/ws-securitypolicy-1.2-spec-ed-01-r10.doc>

Artifact: spec

Type: design

Title: Additional algorithm properties, assertions and references needed

Description:

a] Use of algorithms and properties needs additional material, specifically:

Section 7.1 Algorithm Suite Assertion provides means to set values of algorithm properties.
/sp:AlgorithmSuite/wsp:Policy/sp:InclusiveC14N can be used to set InclusiveC14N, default is stated to be ExclusiveC14N.

1. Should provide assertion to explicitly state ExclusiveC14N, with or without comments
2. Need means to state with or without comments, as a parameter of InclusiveC14N assertion.
3. Provide means to allow SOAP Message normalization with true mapped to 1 or reverse by providing parameter for /sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10 assertion.
4. Add signature algorithm property, to enable control over XML Signature use, for XML Signature versioning, also to control use e.g. to disallow Manifest usage.

b] normative references in section 1.5 required for algorithms specified in WS-SP, e.g. for SOAP Normalization

c] Add assertion to require canonicalization of entire SOAP message and to maintain this canonicalization

Related issues: none

Proposed Resolution:

(a) extend canonicalization algorithm definitions

(1) In 7.1 define Comments parameter for /sp:AlgorithmSuite/wsp:Policy/sp:InclusiveC14N assertion.

/sp:AlgorithmSuite/wsp:Policy/sp:InclusiveC14N/@sp:WithComments
'true' with comments, 'false' without, not stated is 'false'

(2) in 7.1 define ExclusiveCanonicalization assertion to explicitly set c14N property for exclusive and allow or disallow comments

/sp:AlgorithmSuite/wsp:Policy/sp:ExclusiveC14N
/sp:AlgorithmSuite/wsp:Policy/sp:ExclusiveC14N/@sp:WithComments
'true' with comments, 'false' without, not stated is 'false'

(3) in 7.1 define TrueNormalization parameter for SoapNormalization (SNT) property as follows:

/sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10/@sp:TrueNormalization
If not provided, value is 'true', meaning map according to SOAPNormalization, 'relay' and 'mustUnderstand' from '1' to 'true' otherwise from 'true' to '1'.

Purpose is to allow SOAP normalization with WS-I Basic Profile compatibility see R1013,
<http://www.ws-i.org/Profiles/BasicProfile-1.1.html#SOAP_mustUnderstand_Attribute>

(4) Add [XML Signature] algorithm property and associated assertion

/sp:AlgorithmSuite/wsp:Policy/sp:XMLSignature10
use XML Signature Rec 12 Feb 2002 (anticipate future revisions)

/sp:AlgorithmSuite/wsp:Policy/sp:XMLSignature10/@sp:NoManifest
disallow Manifest usage if 'true', if not stated is 'false'.

(b) Add to section 1.5 reference to <http://www.w3.org/TR/soap12-n11n/>. Check for other normative references.

(c) add new section 6.8 [Message Canonicalization] Property and corresponding assertion

Property values:
None - default, no requirement for canonicalization of entire SOAP message
Canonicalized - XML Canonicalization applied to SOAP entire message
FullCanonicalized - soap message and xml canonicalization applied to entire SOAP message

Assertion:
/sp:MessageCanonicalization
/sp:MessageCanonicalization/wsp:Policy/sp:Canonicalized
/sp:MessageCanonicalization/wsp:Policy/sp:FullCanonicalized

both Canonicalized and FullCanonicalized nested assertions can take algorithmSuite SOAPNormalization and InclusiveC14N or ExclusiveC14N assertions.

They are also element and attribute extensible to allow for different requirements.

----
regards, Frederick

Frederick Hirsch
Nokia
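
Added example, not part of the thread or of the WS-SecurityPolicy specification: it shows why the comment handling and the mustUnderstand/relay mapping debated above matter to signature validation, since each choice changes the bytes that get digested. It assumes Python's built-in C14N 2.0 canonicalizer as a stand-in for Inclusive/Exclusive C14N 1.0, a constructed sample message, and a hypothetical helper signed_digest whose true_normalization argument mirrors the proposed parameter.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
BOOL_ATTRS = ("{%s}mustUnderstand" % SOAP12, "{%s}relay" % SOAP12)

# Constructed sample message (not taken from the thread).
MSG = (
    '<env:Envelope xmlns:env="' + SOAP12 + '">'
    '<env:Header><!-- routing hint -->'
    '<t:Txn xmlns:t="urn:example:txn" env:mustUnderstand="1">42</t:Txn>'
    '</env:Header>'
    '<env:Body><p:Pay xmlns:p="urn:example:pay">10</p:Pay></env:Body>'
    '</env:Envelope>'
)


def signed_digest(xml_text, with_comments=False, true_normalization=None):
    """SHA-256 over the canonical form a signer or verifier would hash.

    true_normalization: None leaves booleans alone, True maps "1" to "true",
    False maps "true" to "1" (the two directions discussed in the thread).
    """
    # Keep comments in the tree so the with_comments choice is observable.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    if true_normalization is not None:
        src, dst = ("1", "true") if true_normalization else ("true", "1")
        for el in root.iter():
            for name in BOOL_ATTRS:
                if el.get(name) == src:
                    el.set(name, dst)
    # Stand-in canonicalizer: C14N 2.0 from the standard library.
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"),
                                with_comments=with_comments)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def compare():
    """Each entry is True when the stated effect on the digest is observed."""
    as_true = MSG.replace('mustUnderstand="1"', 'mustUnderstand="true"')
    return {
        "comments_change_digest":
            signed_digest(MSG, True) != signed_digest(MSG, False),
        "lexical_form_changes_digest":
            signed_digest(MSG) != signed_digest(as_true),
        "same_mapping_agrees":
            signed_digest(MSG, true_normalization=True)
            == signed_digest(as_true, true_normalization=True),
        "opposite_mappings_disagree":
            signed_digest(MSG, true_normalization=True)
            != signed_digest(MSG, true_normalization=False),
    }


if __name__ == "__main__":
    for effect, observed in compare().items():
        print(effect, observed)
```

A signer and verifier that pick different settings for either option compute different digests over the same message, which is the interoperability concern the proposed assertions address.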