

Subject: RE: [wss] Issue 13, Lines 856-858 in Core, discussed at the call today


I guess I agree with Ron.  When I read the text on lines
856-858, it sounds like I have to do something "different".  But, unless
I do not understand the gist of the conversation, I basically just need
to follow the standard rules as laid out in the paragraph starting on
line 435.

While Thomas' proposed replacement text is better than what is there
now, let me suggest another, more verbose, alternative:

    Finally, if a producer wishes to sign a message before encryption, 
    then following the ordering rules laid out in section 5, "Security 
    Header", they SHOULD first prepend the signature element to the 
    <wsse:Security> header, and then prepend the encryption element, 
    resulting in a <wss:Security> header that has the encryption element
    first, followed by the signature element:

        +------------------------+
        | <wsse:Security> header |
        +------------------------+
        |  [encryption element]  |
        |  [signature element]   |
        |           :            |
        |           :            |
        +------------------------+

    Likewise, if a producer wishes to sign a message after encryption, 
    they SHOULD first prepend the encryption element to the 
    <wsse:Security> header, and then prepend the signature element.  
    This will result in a <wsse:Security> header that has the signature 
    element first, followed by the encryption element:

        +------------------------+
        | <wsse:Security> header |
        +------------------------+
        |  [signature element]   |
        |  [encryption element]  |
        |           :            |
        |           :            |
        +------------------------+
        


-----Original Message-----
From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM] 
Sent: Tuesday, January 13, 2004 11:41 AM
To: DeMartini, Thomas
Cc: wss@lists.oasis-open.org
Subject: Re: [wss] Issue 13, Lines 856-858 in Core, discussed at the
call today

Thomas,

I would prefer that the two existing sentences simply be removed. I find
them incongruous WRT the description of algorithms which precedes them
and, as was pointed out in the call, they can be read to mean that a
producer somehow should change the order of existing signature and
encryption elements in a header.

I think the text beginning at line 435 and also that of section 9.4
define how signature and encryption elements must be ordered.

That said, I think your text is an improvement over what's in the doc.

Ron

DeMartini, Thomas wrote:

> I can understand the meaning of 856-858 when read in context, so I 
> don't think a change is absolutely necessary. However, I would like to
> offer the following text, which I think more clearly states the 
> intention of these lines:
>
>
> "Finally, if a producer wishes to sign a message before encryption, 
> they SHOULD place the signature element after the encryption element 
> inside of the <wsse:Security> header. If a producer wishes to sign a 
> message after encryption, they SHOULD place the signature element 
> before the encryption element inside of the <wsse:Security> header."
>
> instead of
>
> "Finally, if a producer wishes to sign a message before encryption, 
> they SHOULD alter the order of the signature and encryption elements 
> inside of the <wsse:Security> header. This order of elements 
> represents order of operations."
>
> If there is disagreement with the proposed clarification, I am fine 
> with the existing text.
>
> &Thomas.
>
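
The prepend rule discussed in this thread, as an added Python sketch that is not part of any message here or of the WSS specification: it builds a `<wsse:Security>` header by prepending one element per producer step and shows that the resulting document order is the order in which a receiver undoes those steps. The function names, the use of `xenc:EncryptedKey` as the encryption element, and a receiver that handles header children top to bottom are assumptions of the sketch.

```python
import xml.etree.ElementTree as ET

# Namespace URIs for WSS 1.0 SecExt, XML Signature and XML Encryption.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Producer step -> element prepended to the header (assumed mapping for this sketch).
STEP_ELEMENT = {"sign": f"{{{DS}}}Signature", "encrypt": f"{{{XENC}}}EncryptedKey"}
# Header element -> operation the receiver performs when it meets that element.
RECEIVER_ACTION = {STEP_ELEMENT["sign"]: "verify", STEP_ELEMENT["encrypt"]: "decrypt"}
INVERSE = {"sign": "verify", "encrypt": "decrypt"}


def build_header(producer_steps):
    """Prepend one element per producer step, in the order the steps are performed."""
    header = ET.Element(f"{{{WSSE}}}Security")
    for step in producer_steps:
        header.insert(0, ET.Element(STEP_ELEMENT[step]))  # prepend, never append
    return header


def header_order(header):
    """Local names of the header's children in document order."""
    return [child.tag.split("}")[1] for child in header]


def receiver_plan(header):
    """Operations a top-to-bottom receiver performs; other children (tokens,
    timestamps) are outside this sketch and are skipped."""
    return [RECEIVER_ACTION[c.tag] for c in header if c.tag in RECEIVER_ACTION]


def undoes_in_reverse(producer_steps):
    """True if the receiver's plan is the inverse of the producer steps, last step first."""
    expected = [INVERSE[s] for s in reversed(producer_steps)]
    return receiver_plan(build_header(producer_steps)) == expected


if __name__ == "__main__":
    for steps in (["sign", "encrypt"], ["encrypt", "sign"]):
        hdr = build_header(steps)
        print(steps, "->", header_order(hdr), "-> receiver:", receiver_plan(hdr))
```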

