From: Jan Alexander
Sent: Monday, January 29, 2007 5:29 PM
Cc: Marc Goodner
Subject: [ws-sx] NEW Issue: Signature protection semantics clarification
DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS
ASSIGNED A NUMBER.
issues coordinators will notify the list when that has occurred.
protection semantics clarification
the security binding [Signature Protection] property requires that all
signature and signature confirmation elements MUST be encrypted when the
property value is set to ‘true’. Given the fact that this property
is only settable on security binding and security binding assertion can be
associated with endpoint or operation scope only, it is not possible to express
this requirement for individual messages or faults. Sometimes individual
messages for a single operation may differ as to what message parts are
encrypted in those messages. Generally, if there is nothing encrypted in the
message, encrypting the signature does not add value from the security
standpoint, it only degrades the performance. But given the current design, it
is not possible to express signature protection requirement in such a way that
would require signature element to be encrypted only for messages where there
is at least one part encrypted. The proposal below changes the semantics of the
[Signature Protection] assertion so that it is valid to have a signature
element not encrypted if there is nothing else in the message that is encrypted
if the [Signature Protection] property value is set to ‘true’. This
allows capturing scenarios like the one above.
the [Signature Protection] property description on lines 1305 – 1308 as
boolean property specifies whether the signature must be encrypted. If the
value is 'true', the primary signature MUST be encrypted and any signature
confirmation elements MUST also be encrypted. The primary signature element is
not required to be encrypted if the value is ‘true’ when there is
nothing else in the message that is encrypted. If the value is 'false', the
primary signature MUST NOT be encrypted and any signature confirmation elements
MUST NOT be encrypted. The default value for this property is 'false'.
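
The difference between the current and the proposed [Signature Protection] semantics can be checked per message, as in the following added example, which is not part of the original message or of the specification. The `Part` model and the `violations` function are hypothetical names, and the check assumes a literal reading of the proposed text in which the exception covers only the primary signature, not signature confirmation elements.

```python
from dataclasses import dataclass


@dataclass
class Part:
    name: str        # label used in the report, e.g. "Body"
    kind: str        # "signature", "confirmation" or "other"
    encrypted: bool  # True if the receiver found this part encrypted


def violations(parts, signature_protection, proposed=True):
    """List rule violations for one message.

    proposed=False: current text, no exception for unencrypted messages.
    proposed=True:  wording proposed in the message above.
    """
    # "Nothing else in the message" = nothing besides the primary signature.
    other_encrypted = any(p.encrypted for p in parts if p.kind != "signature")
    found = []
    for p in parts:
        if p.kind == "other":
            continue
        if not signature_protection:
            if p.encrypted:
                found.append(f"{p.name}: MUST NOT be encrypted")
            continue
        if p.encrypted:
            continue
        # Assumption (literal reading): only the primary signature is exempt.
        exempt = proposed and p.kind == "signature" and not other_encrypted
        if not exempt:
            found.append(f"{p.name}: MUST be encrypted")
    return found


# Constructed sample messages for one operation under one binding.
FAULT = [Part("Body", "other", False), Part("Signature", "signature", False)]
REQUEST = [Part("Body", "other", True), Part("Signature", "signature", False)]
RESPONSE = [Part("Body", "other", False),
            Part("Signature", "signature", False),
            Part("SignatureConfirmation", "confirmation", False)]

if __name__ == "__main__":
    for label, msg in (("fault", FAULT), ("request", REQUEST), ("response", RESPONSE)):
        print(label, "current:", violations(msg, True, proposed=False),
              "proposed:", violations(msg, True, proposed=True))
```

The fault message with nothing encrypted is rejected under the current text and accepted under the proposed text, while a message with an encrypted body and a clear signature is rejected under both.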