RE: [wss] Order of elements

["Ahmed, Zahid" <zahid.ahmed@commerceone.com>]

Title: RE: [wss] Order of elements

I agree that order of appearance should be first signed token
elment followed by the Signature element within the <wsse:Security>
header element.

>What is the implication if subsequent processing wants to add
>another signature for the same security token?

I believe a signed (security) header element, such as signed
token element, may be referenced by an additional signature
element via wsse:SecurityTokenReference element. The wsu:Id
attribute is used to identify that the signature is associated
with the particular signed token element. Is there a restriction
of not being able to do that?

However, from a processing simplicity, it would have been
nice to have a strongly typed ordering where we could group
all tokens into <tokens> containing elment, all signatures
in a <signatures>, etc.

Zahid Ahmed

-----Original Message-----
From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com]
Sent: Tuesday, September 24, 2002 6:58 AM
To: wss@lists.oasis-open.org
Subject: [wss] Order of elements

I have a question about the ordering rule, namely "As elements are added to
the <wsse:Security> header block, they should be prepended to the existing
elements."

This suggests to me that if I want to include a signed security token, I
would first add the token and then prepend a <ds:Signature/>
element.  However all examples show the opposite order with the security
token above the signature.   What have I misunderstood? What is the
implication if subsequent processing wants to add another signature for the
same security token?

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>