Subject: [wss] Action item : Move Consolidated Issue 24-25 to list
The purpose of this msg is to address the action item I took in our last teleconf, to move issues 24-25 onto the discussion list.

24. Why is it necessary to treat XML Signature elements as other than security tokens?

25. Given the current core specification, how can a signature element occurring outside of the header be referenced (as in, identified for validation) from within a wsse header?

--------

The ws-security spec defined security tokens (STs) and security token references (STRs). STRs are used to cause STs that "reside somewhere else" to be pulled by the receiving application or to reference STs (presumably containing signing keys) from XML DSIG elements.

The questions captured by issue 24-25 arose from a consideration of how ws-security could be used to support a use case where persistent, document-centric signatures enveloped within a SOAP body or attachment could be referenced for validation from a wsse header.

To be referenceable by an STR, such signatures would need to be considered an ST, and more importantly would need to be identifiable by STR. If signatures should be considered STs, it should be possible to extend the STR paradigm to reference them. If they are not STs, then referencing them would likely require that another artifact be added to the model.

One thing to consider would be how signature references would be secured, although I think reference integrity will also be an issue where STRs are used to pull STs.

Since the last teleconf, Tony and I have had one discussion on this topic, in the context of the larger issue set (3, 4, 5, 19, and 23) that includes consideration of reference forms, token labeling, and more formal treatment of proofs.