OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Recently discover WSS security threat

> So whatever transform you use, the *output* of the transform has to look
> like:
> <soap:Envelope>
>   <soap:Header>
>     <my:header wsu:id="abc">
>        ...
>     </my:header>
>   </soap:Header>
>   <soap:Body>
>     ...
>   </soap:Body>
> </soap:Envelope>

I just re-read the sectin of the spec you linked to.

Are you trying to protect against a stand-alone signature on a header
element being re-used?

	/r$

-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]