[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Recently discover WSS security threat
Rich Salz <rsalz@datapower.com> wrote on 05/28/2005 08:16:13 AM: > > So whatever transform you use, the *output* of the transform has to look > > like: > > <soap:Envelope> > > <soap:Header> > > <my:header wsu:id="abc"> > > ... > > </my:header> > > </soap:Header> > > <soap:Body> > > ... > > </soap:Body> > > </soap:Envelope> > > I just re-read the sectin of the spec you linked to. > > Are you trying to protect against a stand-alone signature on a header > element being re-used? That is a whole other can of worms ;-) I think the security policy and subsequent enformcement needs to prevent Frankenstein messages by differentiating between a single signature over multiple elements and multiple signatures over individual elements. > > /r$ > > -- > Rich Salz Chief Security Architect > DataPower Technology http://www.datapower.com > XS40 XML Security Gateway http://www.datapower.com/products/xs40.html > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]