OASIS ebXML Messaging Services TC

Re: [ebxml-msg] RE: [wsi_secprofile] RE: FW: WSS27 issue

    Posted 03-18-2004 19:37


    Subject: Re: [ebxml-msg] RE: [wsi_secprofile] RE: FW: WSS27 issue


    Dale and Gudge,
    
    Thank you for the clarification.  It may have been my misunderstanding that 
    led to the idea we (the ebXML Messaging TC) would have to recommend putting 
    a detached signature into a separate MIME part.  I came to that because I 
    could not see (and still am not sure I understand) how to sign the entire 
    SOAP envelope, less the signature and any soap:actor='next' headers, using 
    a detached signature carried in the SOAP header itself.
    
    The current (ebXML Messaging 2.0) approach is to use an enveloped signature 
    and XSLT transform that removes the signature and parts intermediaries may 
    change.  One approach using a detached signature would explicitly sign the 
    individual SOAP headers of interest and the SOAP body but that approach 
    would not result in a signature validation fault if an intermediary 
    inserted a new SOAP header directed to the final destination.  I went from 
    that not seeming to be the best option to putting a detached signature 
    referencing the entire SOAP envelope (with a nearly identical XSLT 
    'exclusion' transform to what is in the protocol today) into a separate 
    MIME part.  What are some other options?
    
    thanx,
    	doug
    
    On 18-Mar-04 10:27, Dale Moberg wrote:
    
    > Hi Ian,
    > 
    > Gudge is right. 
    > 
    > EbMS is not assuming that the signature is in a separate MIME part. WSS
    > defines a SOAP header block and whether using SWA or not, the wsse:security
    > block is in the soap:envelope/soap:header contents.
    > 
    > Dale
    > 
    >
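
The coverage trade-off raised in the message above, as an added example that is not part of the original thread: per-part references accept a header block inserted in transit, while a whole-envelope digest with an exclusion step rejects it yet still tolerates a 'next'-actor header. Plain SHA-256 digests over canonical XML stand in for signed references (no keys or real XML Signature processing), parts are matched by tag rather than by Id, and the urn:example names are hypothetical.

```python
import copy, hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
NEXT = "http://schemas.xmlsoap.org/soap/actor/next"  # SOAP 1.1 'next' actor
HEADER, BODY, ACTOR = (f"{{{SOAP}}}{n}" for n in ("Header", "Body", "actor"))

def digest(elem):
    # SHA-256 of canonical XML, standing in for a ds:Reference digest value.
    xml = ET.canonicalize(ET.tostring(elem, encoding="unicode"), strip_text=True)
    return hashlib.sha256(xml.encode()).hexdigest()

def excluded(block):
    # What the exclusion transform drops: the signature and 'next' headers.
    return block.tag == f"{{{DS}}}Signature" or block.get(ACTOR) == NEXT

def sign_parts(env):
    # Strategy A: one reference per header block of interest, plus the body.
    parts = [h for h in env.find(HEADER) if not excluded(h)] + [env.find(BODY)]
    return {p.tag: digest(p) for p in parts}

def verify_parts(env, refs):
    # Only referenced parts are checked; an unreferenced block is never seen.
    found = {p.tag: p for p in [*env.find(HEADER), env.find(BODY)]}
    return all(t in found and digest(found[t]) == d for t, d in refs.items())

def sign_envelope(env):
    # Strategy B: digest the whole envelope minus the excluded parts.
    env = copy.deepcopy(env)
    for block in [h for h in env.find(HEADER) if excluded(h)]:
        env.find(HEADER).remove(block)
    return digest(env)

# Constructed sample message; names under urn:example are hypothetical.
ORIGINAL = ET.fromstring(f'<s:Envelope xmlns:s="{SOAP}" xmlns:e="urn:example">'
    '<s:Header><e:MessageHeader>msg-1</e:MessageHeader></s:Header>'
    '<s:Body><e:Order>42</e:Order></s:Body></s:Envelope>')

def relay(tag, actor=None):
    # An intermediary appends one header block to a copy of the message.
    env = copy.deepcopy(ORIGINAL)
    ET.SubElement(env.find(HEADER), tag, {ACTOR: actor} if actor else {})
    return env

def verify_both(env):
    # (per-part result, whole-envelope result) against the original's digests.
    return (verify_parts(env, sign_parts(ORIGINAL)),
            sign_envelope(env) == sign_envelope(ORIGINAL))
```

`verify_both(relay("{urn:example}Routing"))` shows the inserted header passing the per-part check and failing the whole-envelope check; passing `NEXT` as the actor shows both checks accepting a header the exclusion step is meant to ignore.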