Subject: examples of signing element(s) in security header
We have the following prepending rule (RECOMMENDATION):
| As elements are added to a <wsse:Security> header block, they SHOULD
| be prepended to the existing elements.
When we want to add a security timestamp and sign it, according to the
rule above, we should prepend the Timestamp element first and then prepend
the Signature element. The structure would be:
<wsse:Security>
  <ds:Signature> (signing the Timestamp)
  <wsu:Timestamp> (to be signed)
But the current example in chapter 11 of core has the following structure:
<wsse:Security>
  <wsu:Timestamp wsu:Id="T0">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#T0">
Similarly, when we want to sign a token (or token reference) in the
same Security header, we should prepend the token (reference) first
and then prepend the Signature element.
<wsse:Security>
  <ds:Signature> (signing the token (reference))
  <some token (reference)> (to be signed)
Current examples in the following documents/sections do not have the
elements in this order.
- core / section 8.3
- X.509 profile / section 3.3.2
- REL profile / section 3.4 (the second and the third examples in
this section)
- SAML profile / section 3.3.3 and section 3.4.2.3
Am I misunderstanding something?
Or should these examples be corrected in errata?
---
NISHIMURA Toshihiro (FAMILY Given)
nishimura.toshi@jp.fujitsu.com
STRATEGY AND TECHNOLOGY DIV., SOFTWARE GROUP, FUJITSU LIMITED
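
The ordering question raised above, as an added example that is not part of the original message or of the specification: a small lint that flags a ds:Signature whose same-document Reference points at a sibling placed before it in the wsse:Security header. The function name and both sample headers are constructed for illustration, only elements carrying wsu:Id are tracked, and because the rule is a SHOULD the result is advisory rather than a validity check.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS_DECL = f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}"'


def order_violations(security_xml):
    """List (signature_index, target_id) pairs where a ds:Signature references a
    sibling in the same wsse:Security header that appears BEFORE it, which is
    not the order produced by prepending the signed element first."""
    children = list(ET.fromstring(security_xml))
    # wsu:Id -> position among the header's direct children. Elements that use
    # another ID attribute (assumption: not needed for these samples) are skipped.
    position = {}
    for i, child in enumerate(children):
        wsu_id = child.get(f"{{{WSU}}}Id")
        if wsu_id is not None:
            position[wsu_id] = i
    violations = []
    for i, child in enumerate(children):
        if child.tag != f"{{{DS}}}Signature":
            continue
        for ref in child.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                continue  # only same-document references can point at siblings
            target = uri[1:]
            # Targets outside the header (e.g. the SOAP Body) are not in `position`.
            if target in position and position[target] < i:
                violations.append((i, target))
    return violations


# Constructed sample: Timestamp prepended first, then the Signature over it.
PREPENDED = f"""<wsse:Security {NS_DECL}>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#T0"/></ds:SignedInfo></ds:Signature>
  <wsu:Timestamp wsu:Id="T0"/>
</wsse:Security>"""

# Constructed sample: the order quoted from the chapter 11 example.
CHAPTER_11_ORDER = f"""<wsse:Security {NS_DECL}>
  <wsu:Timestamp wsu:Id="T0"/>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#T0"/></ds:SignedInfo></ds:Signature>
</wsse:Security>"""

if __name__ == "__main__":
    print("prepended:", order_violations(PREPENDED))
    print("chapter 11 order:", order_violations(CHAPTER_11_ORDER))
```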