OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Proposed text on C14N


My point, which I probably didn't make clear enough, is that the WS-Security
spec. allows ways for an implementation to perform a signature which
requires exclusive cononicalization, inclusive cononicalization or neither
in order for the signature to be properly validated.  While there are
alternate means of signing, the spec does not give any guidance nor any
warning.  What I was suggesting was that we give some guidance or at least a
warning as to when the proper cononicalization is appropriate.  This is a
pretty subtle subject where many people will be taken by surprise by an
unexpected result.


-----Original Message-----
From: Hal Lockhart [mailto:hlockhar@bea.com]
Sent: Wednesday, September 03, 2003 11:00 AM
To: flinn@alum.mit.edu; merlin@baltimore.ie; Rich Salz
Cc: wss@lists.oasis-open.org
Subject: RE: [wss] Proposed text on C14N

> The SAML token may contain its own digital signature.  A signed SAML token
> can then be placed in the SOAP header and the token signed.

I think in this case it may be simpler and more foolproof to include only
the issuer and assertion id under the second signature.


To unsubscribe from this mailing list (and be removed from the roster of the
OASIS TC), go to

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]