Subject: NEW Issue: Signature protection semantics clarification
PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER.
The issues coordinators will notify the list when that has occurred.
Title: Signature protection semantics clarification
Currently the security binding [Signature Protection] property requires that all signature and signature confirmation elements MUST be encrypted when the property value is set to ‘true’. Given that this property is only settable on a security binding, and a security binding assertion can be associated with endpoint or operation scope only, it is not possible to express this requirement for individual messages or faults. Sometimes individual messages for a single operation may differ as to which message parts are encrypted in those messages. Generally, if there is nothing encrypted in the message, encrypting the signature does not add value from the security standpoint; it only degrades performance. But given the current design, it is not possible to express a signature protection requirement in such a way that would require the signature element to be encrypted only for messages where there is at least one part encrypted.

The proposal below changes the semantics of the [Signature Protection] assertion so that, when the [Signature Protection] property value is set to ‘true’, it is valid to have a signature element not encrypted if there is nothing else in the message that is encrypted. This allows capturing scenarios like the one above.
Change the [Signature Protection] property description on lines 1305 – 1308 as follows:
This boolean property specifies whether the signature must be encrypted. If the value is 'true', the primary signature MUST be encrypted and any signature confirmation elements MUST also be encrypted. The primary signature element is not required to be encrypted if the value is ‘true’ when there is nothing else in the message that is encrypted. If the value is 'false', the primary signature MUST NOT be encrypted and any signature confirmation elements MUST NOT be encrypted. The default value for this property is 'false'.
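
The following is an added example, not part of the original message or of the specification: a structural, pre-decryption check that contrasts the current and the proposed reading of [Signature Protection] = 'true' for the primary signature. The function names, the SOAP 1.1 namespace, and the sample envelopes (constructed, with stub elements instead of real cryptographic content) are assumptions; signature confirmation elements are not modelled.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",  # assumption: SOAP 1.1
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def message_facts(envelope_xml):
    """Return (cleartext_signature_present, encrypted_data_count)."""
    root = ET.fromstring(envelope_xml)
    # A signature that was not encrypted is a direct child of wsse:Security.
    cleartext_sig = root.find("soap:Header/wsse:Security/ds:Signature", NS) is not None
    # Every encrypted part (header, body, or the signature itself) appears
    # on the wire as an xenc:EncryptedData element.
    encrypted = len(root.findall(".//xenc:EncryptedData", NS))
    return cleartext_sig, encrypted

def conforms_when_true(envelope_xml, proposed):
    """Check a signed message against [Signature Protection] = 'true'.

    proposed=False: current text, the primary signature MUST be encrypted.
    proposed=True:  proposed text, a cleartext signature is acceptable when
                    nothing else in the message is encrypted.
    """
    cleartext_sig, encrypted = message_facts(envelope_xml)
    if not cleartext_sig:
        return True   # assumes the signature is inside an EncryptedData
    if not proposed:
        return False  # current semantics: cleartext signature is never valid
    return encrypted == 0

def envelope(security_children, body_children):
    # Constructed sample message; element contents are stubs.
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f"<soap:Envelope {xmlns}><soap:Header><wsse:Security>"
            f"{security_children}</wsse:Security></soap:Header>"
            f"<soap:Body>{body_children}</soap:Body></soap:Envelope>")

SIG, ENC = "<ds:Signature/>", "<xenc:EncryptedData/>"
SAMPLES = {
    "signed_nothing_encrypted": envelope(SIG, "<Ping xmlns='urn:example'/>"),
    "clear_sig_encrypted_body": envelope(SIG, ENC),
    "encrypted_sig_and_body": envelope(ENC, ENC),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, conforms_when_true(xml, False), conforms_when_true(xml, True))
```

Only the first sample changes outcome between the two readings: a signed message with no encrypted parts is rejected under the current text and accepted under the proposed one.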