Say that happens: what is wrong with that?
&Thomas.
-----Original Message-----
From: Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com]
Sent: Friday, December 10, 2004 9:34 AM
To: Frederick.Hirsch@nokia.com; wss@lists.oasis-open.org
Subject: Re: [wss] SwA Profile draft 15 vote Dec 14
Start with attachment with content-id "foo". After signing, content-id is "<foo>" with security header holding a reference "cid:foo".
After signature verification (as described in 4.4.5), say we remove the security header, the content-id remains "<foo>" whereas it should have been "foo".
/t$r
(Ramana Turlapati)
Sent: Friday, December 10, 2004 7:38 AM
Subject: RE: [wss] SwA Profile draft 15 vote Dec 14
Why does removing the security header cause any effective change to the attachment Content-ID header value? I would think the header would remain the same.
regards,
Frederick
Frederick Hirsch
Nokia
From: ext Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com]
Sent: Friday, December 10, 2004 12:30 AM
To: Hirsch Frederick (Nokia-TP/Boston); wss@lists.oasis-open.org
Subject: Re: [wss] SwA Profile draft 15 vote Dec 14
Let me try and rephrase the question.
Do you think Section 4.4.5 needs an additional step explaining resetting of Content-ID header after signature verification and when attachments are referenced only within the Security header?
I ask this because if the security header (that references the attachment) is removed post verification, this effectively changes the value of the content-id header of the attachment.
----- Original Message -----
Sent: Thursday, December 09, 2004 12:29 PM
Subject: RE: [wss] SwA Profile draft 15 vote Dec 14
The transform does not modify the message, rather it produces output that can be used as input to reference digest operation. I don't understand the issue of angle bracket removal.
regards,
Frederick
Frederick Hirsch
Nokia
From: ext Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com]
Sent: Thursday, December 09, 2004 3:23 PM
To: Hirsch Frederick (Nokia-TP/Boston); Ramana RaoTurlapati; wss@lists.oasis-open.org
Subject: Re: [wss] SwA Profile draft 15 vote Dec 14
Regarding #2, I'm not sure I understand the issue. In either case the transform would include the angle brackets as part of the header value (used for the digest) and in each case this header would have those brackets (as part of a correct Content-ID header). This is orthogonal to how the URI is formed to reference the attachment and how cid resolution is performed.
I think the answer is "yes", Content-ID header values must include angle brackets.
There is no argument on what needs to be signed. The doc makes it very clear why "<>" need to be included for the attachment complete transform. My dilemma is about what should be the receiver (or security processing layer on the receiver side) doing after the verification of the signature. Should it restore the original content-id (without "<>") or leave them "<>" as they are?
If it removes them and there are swa-refs to the same attachment, swa-ref processing will fail. If it leaves them as is and there are no swa-refs, getting the attachment using original "content-id" will fail.
/t$r
(Ramana Turlapati)
regards, Frederick
Frederick Hirsch
Nokia
From: ext Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com]
Sent: Wednesday, December 08, 2004 5:49 PM
To: Hirsch Frederick (Nokia-TP/Boston); wss@lists.oasis-open.org
Subject: Re: [wss] SwA Profile draft 15 vote Dec 14
Here are a couple of items that need clarification.
1. Section 4.2 Referencing Attachments
--------------------------------------------------------------
I know this has been brought up in TC and nobody had any objections for this limitation of not supporting referencing using content location header.
I look at change log and see that initially SwA supported CID scheme only. At a later point of time (06/12/04) we included support for Content Location and removed in the latest draft. Do we know what was the basis of its inclusion, were we addressing a specific requirement then?
On the same lines, is it appropriate for a WSS Profile to limit the usage on grounds of interoperability and simplicity, or is it something that BSP should do?
---------------------------------
Imagine a scenario where there are two SOAP Envelopes, one with an attachment that is not referenced from the SOAP:Body, another with the same attachment referenced from SOAP:Body (ala swa-ref).
Now if these attachments are signed using attachment complete transform, in the first as well as second case, the signature is computed with content-id and "<" brackets. Now how does the receiver of these requests know what to restore as the real content-id of the attachment? Am I correct in thinking that in the latter case "<>" have to be retained as the downstream swa-ref processing is expecting to see it?
----- Original Message -----
Sent: Tuesday, December 07, 2004 6:13 AM
Subject: [wss] SwA Profile draft 15 vote Dec 14
This is a reminder that we plan to vote on the SwA profile, draft 15 [1] for Committee Draft, next Tuesday, 14 Dec.
Please review the specification in advance and post any issues to the WSS mailing list.
regards,
Frederick
Frederick Hirsch
Nokia
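
The cid resolution this thread discusses, as an added example that is not part of any message above or of the SwA profile text: under RFC 2392 a "cid:" URI is matched to a MIME part by dropping the scheme, decoding %-escapes and enclosing the rest in angle brackets, and the lookup only reads the Content-ID header. The message, boundary and function names below are constructed for illustration.

```python
from email import message_from_string
from urllib.parse import unquote

# Constructed sample message (not taken from the thread or the profile).
RAW = """\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"; type="text/xml"

--b1
Content-Type: text/xml; charset=utf-8
Content-ID: <root>

<Envelope><Header><Reference URI="cid:foo"/></Header><Body/></Envelope>
--b1
Content-Type: text/plain
Content-ID: <foo>

attachment bytes
--b1--
"""

def cid_to_content_id(uri):
    """RFC 2392: drop 'cid:', decode %-escapes, enclose in angle brackets."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "cid" or not rest:
        raise ValueError("not a cid: URI: %r" % uri)
    return "<" + unquote(rest) + ">"

def resolve_cid(msg, uri):
    """Return the MIME part whose Content-ID header matches uri, or None."""
    wanted = cid_to_content_id(uri)
    for part in msg.walk():
        if (part.get("Content-ID") or "").strip() == wanted:
            return part
    return None

def lookup(uri, raw=RAW):
    """Resolve uri against the sample; return (Content-ID header, body) or None."""
    part = resolve_cid(message_from_string(raw), uri)
    if part is None:
        return None
    # The lookup does not rewrite anything: the header is returned as stored.
    return part["Content-ID"], part.get_payload().strip()

if __name__ == "__main__":
    print(lookup("cid:foo"))
```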