OASIS Mailing List Archives

 



wss message



Subject: [wss] Action item : Move Consolidated Issue 24-25 to list


The purpose of this msg is to address the action item I took in
our last teleconf, to move issues 24-25 onto the discussion list.

24. Why is it necessary to treat XML Signature elements
as other than security tokens?

25. Given the current core specification, how can a signature
element occurring outside of the header be referenced (as in,
identified for validation) from within a wsse header?

--------

The ws-security spec defined security tokens (STs) and security
token references (STRs). STRs are used to cause STs that "reside
somewhere else" to be pulled by the receiving application or to
reference STs (presumably containing signing keys) from XML
DSIG elements.

The questions captured by issue 24-25 arose from a consideration
of how ws-security could be used to support a use case where
persistent, document centric signatures enveloped within a
SOAP body or attachment, could be referenced for validation from
a wsse header.

To be referenceable by an STR such signatures would need
to be considered an ST, and more importantly would need to be
identifiable by STR.

If signatures should be considered STs, it should be possible
to extend the STR paradigm to reference them. If they are not
STs then referencing them would likely require that another
artifact be added to the model.

One thing to consider would be how signature references
would be secured, although I think reference integrity will
also be an issue where STRs are used to pull STs.

Since the last teleconf, Tony and I have had one discussion
on this topic, in the context of the larger issue set (3, 4, 5,
19, and 23) that includes consideration of reference forms,
token labeling, and more formal treatment of proofs. 



