OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [wss] SwA Profile draft 15 vote Dec 14


+1
 
That is what I was trying to say earlier.
 

regards, Frederick

Frederick Hirsch
Nokia

 


From: ext Blake Dournaee [mailto:blake@sarvega.com]
Sent: Friday, December 10, 2004 2:46 PM
To: Hirsch Frederick (Nokia-TP/Boston); rturlapa@oracle.com; wss@lists.oasis-open.org
Subject: RE: [wss] SwA Profile draft 15 vote Dec 14

Ramana, Frederick -

 

I think the confusion here is that the attachment-complete transform does not actually alter the source document, just the octets that are the result of the transform. The source data remains intact (I thought).

 

Blake

 


From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
Sent: Friday, December 10, 2004 11:39 AM
To: rturlapa@oracle.com; wss@lists.oasis-open.org
Subject: RE: [wss] SwA Profile draft 15 vote Dec 14

 

I believe the Content-ID should have the value <foo> initially and the corresponding cid scheme reference cid:foo.

 

I still do not see why you are saying the brackets change.

 

regards, Frederick

Frederick Hirsch
Nokia

 

 


From: ext Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com]
Sent: Friday, December 10, 2004 12:34 PM
To: Hirsch Frederick (Nokia-TP/Boston); wss@lists.oasis-open.org
Subject: Re: [wss] SwA Profile draft 15 vote Dec 14

Start with attachment with content-id "foo". After signing, content-id is "<foo>" with security header holding a reference "cid:foo".

After signature verification (as described in 4.4.5), say we remove the security header, the content-id remains "<foo>" where as it should have been "foo".

/t$r

(Ramana Turlapati)

----- Origi

nal Message -----

Sent: Friday, December 10, 2004 7:38 AM

Subject: RE: [wss] SwA Profile draft 15 vote Dec 14

 

why does removing the security header cause any effective change to the attachment Content-ID header value?  I would think the header would remain the same.

 

regards, Frederick

Frederick Hirsch
Nokia

 

 


From: ext Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com]
Sent: Friday, December 10, 2004 12:30 AM
To: Hirsch Frederick (Nokia-TP/Boston); wss@lists.oasis-open.org
Subject: Re: [wss] SwA Profile draft 15 vote Dec 14

Frederick,

 

Let me try and rephrase the question.

 

Do you think Section 4.4.5 needs additional step explaining resetting of Content-ID header after signature verification  and when attachments are referenced only within the Security header?

 

I ask this because  if the security header (that references the attachment) is removed post verification, this effectively changes the value of the content-id header of the attachment.

 

/t$r

(Ramana Turlapati)

----- Original Message -----

Sent: Thursday, December 09, 2004 12:29 PM

Subject: RE: [wss] SwA Profile draft 15 vote Dec 14

 

The transform does not modify the message, rather it produces output that can be used as input to reference digest operation. I don't understand the issue of angle bracket removal.

 

regards, Frederick

Frederick Hirsch
Nokia

 

 


From: ext Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com]
Sent: Thursday, December 09, 2004 3:23 PM
To: Hirsch Frederick (Nokia-TP/Boston); Ramana RaoTurlapati; wss@lists.oasis-open.org
Subject: Re: [wss] SwA Profile draft 15 vote Dec 14

Frederick,

Regarding #2, I'm not sure I understand the issue. In either case the transform would include the angle brackets as part of the header value (used for the digest) and in each case this header would have those brackets (as part of a correct Content-ID header). This is orthogonal to how the URI is formed to reference the attachment and how cid resolution is performed.

 

I think the answer is "yes", Content-ID header values must include angle brackets.

There is no argument on what needs to be signed. The doc makes it very clear why "<>" need to be included for the attachment complete transform. My dilemma is about what should be the receiver (or security processing layer on the receiver side) doing after the verification of the signature. Should it restore the original content-id (without "<>") or leave them "<>" as they are?  If it removes them and there are swa-refs to the same attachment, swa-ref processing will fail. If it leaves them as is and there are no swa-refs, getting the attachment using original "content-id" will fail.

 

 

/t$r

(Ramana Turlapati)

regards, Frederick

Frederick Hirsch
Nokia

 

 


From: ext Ramana Turlapati [mailto:ramana.rao.turlapati@oracle.com]
Sent: Wednesday, December 08, 2004 5:49 PM
To: Hirsch Frederick (Nokia-TP/Boston); wss@lists.oasis-open.org
Subject: Re: [wss] SwA Profile draft 15 vote Dec 14

Frederick,

 

Here are couple of items that need clarification.

 

1. Section 4.2  Referencing Attachments

--------------------------------------------------------------

I know this has been brought up in TC and nobody had any objections for this limitation of not supporting referencing using content location header.

 

I look at change log and see that initially SwA supported CID scheme only. At a later pt of time (06/12/04) we included support for  Content Location and removed in the latest draft. Do we know what was the basis of its inclusion, were we addressing a specific requirement then?

 

On the same lines, is it appropriate for a WSS Profile to limit the usage on grounds of interoperability and simplicity, or is it something that BSP should do?

 

 

2. Section 4.4.1 Step 7

---------------------------------

Imagine a scenario where there are two SOAP Envelopes, one with an attachment that is not referenced from the SOAP:Body , another with the same attachment referenced from SOAP:Body (ala swa-ref).

 

Now if these attachments are signed using attachment complete transform, in the first as well as second case, the signature is computed with content-id and "<" brackets. Now how does the receiver of these requests know what to restore as the real content-id of the attachment ? Am I correct in thinking that in the latter case "<>" have to be retained as the downstream swa-ref processing is expecting to see it.

 

 

/t$r

(Ramana Turlapati)

----- Original Message -----

Sent: Tuesday, December 07, 2004 6:13 AM

Subject: [wss] SwA Profile draft 15 vote Dec 14

 

This is a reminder that we plan to vote on the SwA profile, draft 15 [1] for Committee Draft, next Tuesday, 14 Dec.

 

Please review the specification in advance and post any issues to the WSS mailling list.

 

Thank you.

regards, Frederick

Frederick Hirsch
Nokia

 

PDF with diff marks:

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]