

Subject: Re: Issue 84 - Use of Decryption Transform






"Hal Lockhart" <hlockhar@bea.com> wrote on 11/10/2004 02:45:11 PM:

> I believe the summary of this issue given at the last meeting was
> inaccurate or at least confusing. It has been dormant so long, I had
> forgotten what it was about. Here is what I believe the situation is.
>
> The decryption transform was invented to allow the xml signature and
> xml encryption specifications to be combined, when not using a
> scheme like WSS to specify the order of overlapping operations. The
> decryption transform essentially says to the receiver, before you
> check this signature you must decrypt the data and thus verify the
> signature over the cleartext.
>
> My position for some time has been that the order of encryption and
> signature elements in the security header can specify any ordering
> that the decryption transform can, so it is unneeded in WSS. As a
> general principle, I oppose having two ways to do exactly the same thing.

When there is one security header and no non-WSS XML sig/enc performed in
other headers, the order of processing can be determined by the order of
the signature and encryption elements within the security header - no
argument there.

When there is more than one security header, the decryption transform may
be necessary to provide the processing order required to verify a signature
that references elements that may have been encrypted for other
roles/actors prior or subsequent to the application of the signature. Since
one SOAP Node may perform multiple role(s)/actor(s), this information could
be used by that node to: a) order the role/actor processing, or b) reroute
the message to another node.

> (Note, this prohibition only applies to signatures in the security
> header. Applications can include signatures which specify the
> decryption transform in the body. WSS will neither prohibit nor process
> these.)

Do you presume that all WSS processing would occur for all roles/actors
before any application level XML sig/enc processing at any role/actor? Even
in a case with only one security header, there could be other headers
targeted to roles/actors that use non-WSS XML sig/enc where the transform
could be used to avoid conflict.

> When this was last discussed, Tony claimed there was a usecase in
> which the decryption transform was required. I have been waiting to
> see that usecase. If there is one, I will be happy to agree to
> allowing the use of the decryption transform. Last week I spoke to
> Mike McIntosh privately and he indicated that he intends to describe
> the usecase.

To summarize my position:
a) the transform is NOT needed when all potentially overlapping XML sig/enc
is described in one security header.
b) the transform MAY be needed when some potential exists for overlapping
XML sig/enc:
b.1) purely at the application level (out of scope),
b.2) between two security headers (in scope),
b.3) between a security header and application level (in scope).

> In any event, I do not believe this is my action item.
>
> Hal
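
The following is an added illustration of the two positions above; it is not part of Hal's or Mike's message and is not WSS or XML Security code. It models a security header as an ordered list of elements that the producer prepends to (the WSS rule that lets the consumer process the header in document order), uses HMAC as a stand-in for XML Signature and a keyed XOR stream as a stand-in for XML Encryption (a toy, not a real cipher), and marks a signature that carries the decryption transform with a constructed `decryption_transform` flag. `single_header_case` shows that one header, processed in order, needs no transform; `two_header_case` shows the b.2 situation, where a node that processes the signing actor's header before the encrypting actor's header only verifies when the signature says "decrypt first".

```python
"""Toy model of WSS processing order versus the XML Signature decryption transform.

Added example, not from the OASIS thread. HMAC stands in for XML Signature and a
keyed XOR stream (NOT secure, illustration only) stands in for XML Encryption.
"""
import hashlib
import hmac

SIGN_KEY = b"constructed-signing-key"      # constructed sample key
ENC_KEY = b"constructed-encryption-key"    # constructed sample key


def _keystream(key: bytes, length: int) -> bytes:
    """Derive a deterministic byte stream from the key (toy, counter-mode style)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_crypt(data: bytes, key: bytes) -> bytes:
    """Symmetric XOR stand-in for XML Encryption; applying it twice restores the data."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def digest(data: bytes) -> str:
    """Stand-in for the signature value: HMAC over the referenced content."""
    return hmac.new(SIGN_KEY, data, hashlib.sha256).hexdigest()


class Message:
    """A SOAP message reduced to named parts plus a record of which are ciphertext."""

    def __init__(self, body: bytes):
        self.parts = {"body": body}
        self.encrypted = set()  # ids whose content is currently ciphertext

    def encrypt(self, ref: str) -> None:
        self.parts[ref] = toy_crypt(self.parts[ref], ENC_KEY)
        self.encrypted.add(ref)

    def decrypt(self, ref: str) -> None:
        if ref in self.encrypted:  # no-op if already cleartext
            self.parts[ref] = toy_crypt(self.parts[ref], ENC_KEY)
            self.encrypted.discard(ref)


def sign_element(msg: Message, header: list, ref: str, decryption_transform: bool = False) -> None:
    """Producer: sign the current content of `ref` and PREPEND the Signature element."""
    header.insert(0, {"type": "Signature", "ref": ref,
                      "value": digest(msg.parts[ref]),
                      "decryption_transform": decryption_transform})


def encrypt_element(msg: Message, header: list, ref: str) -> None:
    """Producer: encrypt `ref` and PREPEND the EncryptedData element."""
    msg.encrypt(ref)
    header.insert(0, {"type": "EncryptedData", "ref": ref})


def process_header(msg: Message, header: list) -> list:
    """Consumer: walk one security header in document order.

    Returns the verification result of each Signature element encountered.
    """
    results = []
    for elem in header:
        if elem["type"] == "EncryptedData":
            msg.decrypt(elem["ref"])
        else:
            ref = elem["ref"]
            if elem["decryption_transform"]:
                msg.decrypt(ref)  # the transform: decrypt before computing the digest
            results.append(hmac.compare_digest(digest(msg.parts[ref]), elem["value"]))
    return results


def single_header_case() -> bool:
    """One header, sign-then-encrypt: prepending yields [EncryptedData, Signature],
    so in-order processing decrypts first and verifies over cleartext."""
    msg = Message(b"<Body>order 42</Body>")
    header = []
    sign_element(msg, header, "body")
    encrypt_element(msg, header, "body")
    return process_header(msg, header) == [True]


def two_header_case(use_transform: bool) -> bool:
    """Two headers (b.2): actor A signs the body, actor B later encrypts it in B's
    own header. A node that handles header A first sees ciphertext unless the
    signature carries the decryption transform."""
    msg = Message(b"<Body>order 42</Body>")
    header_a, header_b = [], []
    sign_element(msg, header_a, "body", decryption_transform=use_transform)
    encrypt_element(msg, header_b, "body")
    results = process_header(msg, header_a)  # header A processed before header B
    process_header(msg, header_b)
    return results == [True]
```

Running `two_header_case(False)` returns False and `two_header_case(True)` returns True, which is the whole of the disagreement: within one header, element order already encodes "decrypt before verify"; across headers processed independently, nothing but the signature itself can carry that instruction.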


