[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wss] Order of elements
I agree that order of appearance should be first signed token
elment followed by the Signature element within the <wsse:Security>
header element.
>What is the implication if subsequent processing wants to add
>another signature for the same security token?
I believe a signed (security) header element, such as signed
token element, may be referenced by an additional signature
element via wsse:SecurityTokenReference element. The wsu:Id
attribute is used to identify that the signature is associated
with the particular signed token element. Is there a restriction
of not being able to do that?
However, from a processing simplicity, it would have been
nice to have a strongly typed ordering where we could group
all tokens into <tokens> containing elment, all signatures
in a <signatures>, etc.
Zahid Ahmed
-----Original Message-----
From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com]
Sent: Tuesday, September 24, 2002 6:58 AM
To: wss@lists.oasis-open.org
Subject: [wss] Order of elements
I have a question about the ordering rule, namely "As elements are added to
the <wsse:Security> header block, they should be prepended to the existing
elements."
This suggests to me that if I want to include a signed security token, I
would first add the token and then prepend a <ds:Signature/>
element. However all examples show the opposite order with the security
token above the signature. What have I misunderstood? What is the
implication if subsequent processing wants to add another signature for the
same security token?
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC