OASIS Mailing List Archives

wss message



Subject: Re: [wss] examples of signing element(s) in security header


In any case, it is better to provide a straightforward (easy to
understand) example for the readers.

So, I'd like to propose the following processing order for the example
of chapter 11.
1. put a timestamp
   (prepend a <wsu:Timestamp> element)
2. sign the timestamp and the body
   (prepend a <ds:Signature> element and then a
    <wsse:BinarySecurityToken> element for the certificate)
3. encrypt the body
   (prepend a <xenc:EncryptedKey> element)

The resulting element order in the Security header block will be:
<wsse:Security>
  <xenc:EncryptedKey>...          (the key used for encryption)
  <wsse:BinarySecurityToken>...   (the certificate to verify the signature)
  <ds:Signature>...               (the signature over the timestamp and the body)
  <wsu:Timestamp>...              (the timestamp being signed)
</wsse:Security>

The current order is:
<wsse:Security>
  <wsu:Timestamp>...              (the timestamp being signed)
  <wsse:BinarySecurityToken>...   (the certificate to verify the signature)
  <xenc:EncryptedKey>...          (the key used for encryption)
  <ds:Signature>...               (the signature over the timestamp and the body)
</wsse:Security>
---
Toshi

From: Anthony Nadalin <drsecure@us.ibm.com> 
> I'm not sure that works, as you may have namespace issues since the
> namespaces may be different from when you sign the elements and then
> place them in the security header, you could have different
> namespaces.
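
The prepend sequence proposed in the message above, as an added example that is not part of the original post or of the specification: it applies the three sender steps to an empty `<wsse:Security>` element and reads back the document order a receiver would see. The namespace URIs are those of the published WSS 1.0, XML Signature and XML Encryption specifications and are an assumption here (the message shows only prefixes); all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace URIs assumed from the published specs; the message shows
# only the prefixes.
NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def q(name):
    """'ds:Signature' -> '{uri}Signature' (ElementTree's qualified form)."""
    prefix, local = name.split(":")
    return "{%s}%s" % (NS[prefix], local)

def prefixed(tag):
    """Inverse of q(), used for readable output."""
    uri, local = tag[1:].split("}")
    return next(p for p, u in NS.items() if u == uri) + ":" + local

# The three sender steps from the message; within one step the elements
# are prepended in the order listed.
PROPOSED_STEPS = [
    ["wsu:Timestamp"],
    ["ds:Signature", "wsse:BinarySecurityToken"],
    ["xenc:EncryptedKey"],
]

def build_header(steps):
    """Apply each step by prepending empty placeholder elements."""
    header = ET.Element(q("wsse:Security"))
    for step in steps:
        for name in step:
            header.insert(0, ET.Element(q(name)))
    return header

def child_order(header):
    """Document order of the children, i.e. the receiver's reading order."""
    return [prefixed(child.tag) for child in header]

def token_precedes_signature(header):
    """True when the certificate token appears before the signature."""
    order = child_order(header)
    return order.index("wsse:BinarySecurityToken") < order.index("ds:Signature")

if __name__ == "__main__":
    print(child_order(build_header(PROPOSED_STEPS)))
```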

