[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Recently discover WSS security threat
] Hm, won't this work?
] /soap:Envelope/S:Header/*[@wsu:id='123']
It depends where you put it.
If you mean
...
<dsig-xpath:XPath Filter="subtract">
/soap:Envelope/soap:Header/*
</dsig-xpath:XPath>
<dsig-xpath:XPath Filter="union">
/soap:Envelope/soap:Header/*[@wsu:id='123']
</dsig-xpath:XPath>
...
then, yes, I think that also works. It also has the nice feature then
that in this case we don't have to worry which attributes are of type ID
and which aren't. We also don't have to worry about what happens if
someone else adds a new header with a duplicate wsu:id value, since that
would break the signature.
&Thomas.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]