Subject: Issue 84 followup question on wss header blocks, intermediaries, and interleaving
Hi Hal,

I have some questions about the model you and/or WSS adopt to establish things such as "XML Decryption transform not needed." The implicit model does not seem general enough to formulate cases that eventually need consideration for SOAP security situations. In the attachment, a model with more general assumptions is presented and an example of an "interleaving" case is mentioned. These seem to me to be worth treating in SOAP security with intermediaries. I have not seen how these cases are to be dealt with. I think I agree with you that the XML decryption transform would not help in its present form, though.

There probably are ways to disallow these cases, such as permitting only one wsse header block, but they are fairly drastic reductions in usability. Scanning over header blocks for wsse blocks and knowing the sequence of addition might also work even when multiple blocks are allowed. However, to make use of this technique, wss would need to say something about the order of wsse header block processing. The SOAP processing model used to insist that no specific header block processing order can be assumed, but I have not rechecked the approved SOAP version on that detail.

Thanks,
Dale Moberg