[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: NEW Issue: Unclear behavior for RequireSignatureConfirmation Assertionwhere there is no Signature
PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred. Protocol: WS-SecurityPolicy WS-SecurityPolicy 1.2 OASIS Standard 1 July 2007 ( http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.pdf ) Artifact: spec Type: design Title: Unclear behavior for RequireSignatureConfirmation Assertion where there is no Signature Description: The description of the RequireSignatureConfirmation assertion behavior from line 2550 to 2556, that the wsse11:SignatureConfirmation elements MUST be used and signed by the message signature (when the value is set to true for Signature Confirmation property). What happen for cases that there is no sp:SignedParts or sp:SignedElements defined in the policy, in this case, there is no Signature in the message, should the Signature Confirmation element be signed? "This boolean property specifies whether wsse11:SignatureConfirmation elements should be used as defined in WSS: Soap Message Security 1.1. If the value is 'true', wsse11:SignatureConfirmation elements MUST be used and signed by the message signature. If the value is 'false', signature confirmation elements MUST NOT be used. The value of this property applies to all signatures that are included in the security header. This property has a default value of 'false'." Related issues: Proposed Resolution: Thanks, Henry
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]