OASIS Mailing List Archives


Subject: RE: [wss] Order of elements


At 05:39 PM 10/07/2002, John Shewchuk wrote:

The original intent was to have the signature added and then the security token pre-pended so that a processor would have read and cached the token before it is used for processing efficiency.

How can you add a signature for an element that doesn't exist?

I have no objection to this, I'm simply saying that this isn't how I read the current ordering rule and if this is what we want, we need to change the words. 

-----Original Message-----
From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com]
Sent: Tuesday, September 24, 2002 8:44 AM
To: Ahmed, Zahid; wss@lists.oasis-open.org
Subject: RE: [wss] Order of elements

At 07:29 AM 9/24/2002, Ahmed, Zahid wrote:

I agree that order of appearance should be first signed token
element followed by the Signature element within the <wsse:Security>
header element.

Actually I was suggesting the opposite, that according to the ordering rule, the signature should be above the element being signed.

>What is the implication if subsequent processing wants to add
>another signature for the same security token?

I believe a signed (security) header element, such as signed
token element, may be referenced by an additional signature
element via wsse:SecurityTokenReference element. The wsu:Id
attribute is used to identify that the signature is associated
with the particular signed token element. Is there a restriction
of not being able to do that?

My question was what implication was there for the ordering of the various elements.

However, from a processing simplicity, it would have been
nice to have a strongly typed ordering where we could group
all tokens into <tokens> containing element, all signatures
in a <signatures>, etc.

This is not how it works in the current document.

Zahid Ahmed

-----Original Message-----
From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com]
Sent: Tuesday, September 24, 2002 6:58 AM
To: wss@lists.oasis-open.org
Subject: [wss] Order of elements



I have a question about the ordering rule, namely "As elements are added to
the <wsse:Security> header block, they should be prepended to the existing
elements."

This suggests to me that if I want to include a signed security token, I
would first add the token and then prepend a <ds:Signature/>
element.  However all examples show the opposite order with the security
token above the signature.   What have I misunderstood? What is the
implication if subsequent processing wants to add another signature for the
same security token?

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
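
An added example, not part of the original messages or of the WSS specification: Python that applies the quoted prepend rule literally to a token and a signature referencing it, then lists the token references a top-to-bottom reader meets before the token itself. The element skeletons, the id `tok-1` and the helper names are constructed for illustration, and the namespace URIs are those of the later published WSS 1.0 schemas, not the 2002 draft.

```python
import xml.etree.ElementTree as ET

# Published WSS 1.0 / XML-DSig namespaces (assumption: the 2002 draft used
# earlier URIs; the ordering logic below does not depend on them).
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def q(ns, tag):
    return "{%s}%s" % (ns, tag)

def token(tok_id):
    """Constructed placeholder token carrying a wsu:Id."""
    el = ET.Element(q(WSSE, "BinarySecurityToken"), {q(WSU, "Id"): tok_id})
    el.text = "CONSTRUCTED-PLACEHOLDER"
    return el

def signature(tok_id):
    """Skeleton ds:Signature whose KeyInfo points at the token by wsu:Id."""
    sig = ET.Element(q(DS, "Signature"))
    key_info = ET.SubElement(sig, q(DS, "KeyInfo"))
    str_el = ET.SubElement(key_info, q(WSSE, "SecurityTokenReference"))
    ET.SubElement(str_el, q(WSSE, "Reference"), {"URI": "#" + tok_id})
    return sig

def build_header(added_in_order):
    """Apply the quoted rule literally: each added element is prepended."""
    sec = ET.Element(q(WSSE, "Security"))
    for el in added_in_order:
        sec.insert(0, el)
    return sec

def order(sec):
    """Local names of the header's children, top to bottom."""
    return [child.tag.split("}")[1] for child in sec]

def forward_references(sec):
    """Token ids a signature needs before a top-to-bottom reader has seen them."""
    seen, missing = set(), []
    for child in sec:
        if child.get(q(WSU, "Id")):
            seen.add(child.get(q(WSU, "Id")))
        for ref in child.iter(q(WSSE, "Reference")):
            uri = ref.get("URI", "")[1:]  # drop the leading '#'
            if uri not in seen:
                missing.append(uri)
    return missing
```

Under literal prepending, any signature added after its token, including one added by a later processor, lands above that token and shows up in `forward_references`.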

