[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wss] Order of elements
The original intent was to have the signature added and then the security token pre-pended so that a processor would have read and cached the token before it is used for processing efficiency.
- -----Original Message-----
- From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com]
- Sent: Tuesday, September 24, 2002 8:44 AM
- To: Ahmed, Zahid; wss@lists.oasis-open.org
- Subject: RE: [wss] Order of elements
- At 07:29 AM 9/24/2002, Ahmed, Zahid wrote:
- I agree that order of appearance should be first signed token
- elment followed by the Signature element within the <wsse:Security>
- header element.
- Actually I was suggesting the opposite, that according to the ordering rule, the signature should be above the element being signed.
- >What is the implication if subsequent processing wants to add
- >another signature for the same security token?
- I believe a signed (security) header element, such as signed
- token element, may be referenced by an additional signature
- element via wsse:SecurityTokenReference element. The wsu:Id
- attribute is used to identify that the signature is associated
- with the particular signed token element. Is there a restriction
- of not being able to do that?
- My question was what implication was there for the ordering of the various elements.
- However, from a processing simplicity, it would have been
- nice to have a strongly typed ordering where we could group
- all tokens into <tokens> containing elment, all signatures
- in a <signatures>, etc.
- This is not how it works in the current document.
- Zahid Ahmed
- -----Original Message-----
- From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com]
- Sent: Tuesday, September 24, 2002 6:58 AM
- To: wss@lists.oasis-open.org
- Subject: [wss] Order of elements
- I have a question about the ordering rule, namely "As elements are added to
- the <wsse:Security> header block, they should be prepended to the existing
- elements."
- This suggests to me that if I want to include a signed security token, I
- would first add the token and then prepend a <ds:Signature/>
- element. However all examples show the opposite order with the security
- token above the signature. What have I misunderstood? What is the
- implication if subsequent processing wants to add another signature for the
- same security token?
- ----------------------------------------------------------------
- To subscribe or unsubscribe from this elist use the subscription
- manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC