Subject: examples of signing element(s) in security header
We have the following prepending rule (RECOMMENDATION):

| As elements are added to a <wsse:Security> header block, they SHOULD
| be prepended to the existing elements.

When we want to add a security timestamp and sign it, according to the rule above, we should prepend the Timestamp element first and then prepend the Signature element. The structure would be:

    <wsse:Security>
      <ds:Signature> (signing the Timestamp)
      <wsu:Timestamp> (to be signed)

But the current example in chapter 11 of core has the following structure:

    <wsse:Security>
      <wsu:Timestamp wsu:Id="T0">
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#T0">

Similarly, when we want to sign a token (or token reference) in the same Security header, we should prepend the token (reference) first and then prepend the Signature element.

    <wsse:Security>
      <ds:Signature> (signing the token (reference))
      <some token (reference)> (to be signed)

Current examples in the following documents/sections do not have the elements in this order.

- core / section 8.3
- X.509 profile / section 3.3.2
- REL profile / section 3.4 (the second and the third examples in this section)
- SAML profile / section 3.3.3 and section 3.4.2.3

Am I misunderstanding something? Or should these examples be corrected in errata?

---
NISHIMURA Toshihiro (FAMILY Given)
nishimura.toshi@jp.fujitsu.com
STRATEGY AND TECHNOLOGY DIV., SOFTWARE GROUP, FUJITSU LIMITED
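
One way to check a Security header against the ordering the message derives from the prepending rule, as an added example that is not part of the original message or of the WSS documents. The namespace URIs are assumed to be those of the published WSS 1.0 and XML-DSig schemas; `prepend_order_deviations`, `header` and the sample fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs assumed from the published WSS 1.0 and XML-DSig schemas.
NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
DS_SIGNATURE = "{%s}Signature" % NS["ds"]


def prepend_order_deviations(security_xml):
    """Return (signature_pos, referenced_id, target_pos) for each same-header
    reference whose target sits before the Signature that signs it."""
    children = list(ET.fromstring(security_xml))
    # Position of every direct child of wsse:Security that carries an Id.
    position = {}
    for i, child in enumerate(children):
        ident = child.get(WSU_ID) or child.get("Id")
        if ident:
            position[ident] = i
    deviations = []
    for i, child in enumerate(children):
        if child.tag != DS_SIGNATURE:
            continue
        for ref in child.findall("ds:SignedInfo/ds:Reference", NS):
            uri = ref.get("URI", "")
            target = uri[1:] if uri.startswith("#") else None
            # References to the body or to other headers are not checked here.
            if target in position and position[target] < i:
                deviations.append((i, target, position[target]))
    return deviations


def header(*children):
    # Constructed sample: wraps child fragments in a wsse:Security element.
    decl = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return "<wsse:Security %s>%s</wsse:Security>" % (decl, "".join(children))


# Constructed fragments mirroring the two structures sketched in the message.
TIMESTAMP = '<wsu:Timestamp wsu:Id="T0"/>'
SIGNATURE = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#T0"/></ds:SignedInfo></ds:Signature>'
PREPENDED = header(SIGNATURE, TIMESTAMP)   # order the prepending rule produces
CHAPTER_11 = header(TIMESTAMP, SIGNATURE)  # order the message attributes to the example

if __name__ == "__main__":
    print(prepend_order_deviations(PREPENDED))
    print(prepend_order_deviations(CHAPTER_11))
```

Because the rule is a SHOULD, a non-empty result marks a deviation from the recommendation, not an invalid message.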