Subject: Re: [ebxml-msg] RE: [wsi_secprofile] RE: FW: WSS27 issue

Dale and Gudge,

Thank you for the clarification. It may have been my misunderstanding that
led to the idea we (the ebXML Messaging TC) would have to recommend putting
a detached signature into a separate MIME part. I came to that because I
could not see (and still am not sure I understand) how to sign the entire
SOAP envelope, less the signature and any soap:actor='next' headers, using
a detached signature carried in the SOAP header itself.

The current (ebXML Messaging 2.0) approach is to use an enveloped signature
and XSLT transform that removes the signature and parts intermediaries may
change. One approach using a detached signature would explicitly sign the
individual SOAP headers of interest and the SOAP body but that approach
would not result in a signature validation fault if an intermediary
inserted a new SOAP header directed to the final destination. I went from
that not seeming to be the best option to putting a detached signature
referencing the entire SOAP envelope (with a nearly identical XSLT
'exclusion' transform to what is in the protocol today) into a separate
MIME part. What are some other options?

thanx,
doug

On 18-Mar-04 10:27, Dale Moberg wrote:
> Hi Ian,
>
> Gudge is right.
>
> EbMS is not assuming that the signature is in a separate MIME part. WSS
> defines a
> SOAP header block and whether using SWA or not, the wsse:security block
> is in the soap:envelope/soap:header contents.
>
> Dale
>
>
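
Added example, not part of the original message or of the ebXML Messaging or WSS specifications: a simplified Python model of the two signature-coverage strategies discussed above, showing which one notices a header block added in transit. Digests stand in for the signed references, the exclusion is done in Python rather than XSLT, and the sample envelope, the `urn:example:eb` namespace and all function names are assumptions.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NEXT = "http://schemas.xmlsoap.org/soap/actor/next"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample message; the eb: namespace and element content are illustrative.
ENVELOPE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:eb="urn:example:eb" xmlns:ds="{DS}">
<soap:Header>
<eb:MessageHeader Id="mh">order-17</eb:MessageHeader>
<eb:Trace soap:actor="{NEXT}">hop0</eb:Trace>
<ds:Signature/>
</soap:Header>
<soap:Body Id="body">payload</soap:Body>
</soap:Envelope>"""

def _digest(elem):
    # Canonicalize (C14N 2.0) so serialization details do not affect the digest.
    c14n = ET.canonicalize(ET.tostring(elem, encoding="unicode"), rewrite_prefixes=True)
    return hashlib.sha256(c14n.encode()).hexdigest()

def digest_references(root, ids):
    """Strategy 1: one digest per explicitly referenced element (selected by Id)."""
    by_id = {e.get("Id"): e for e in root.iter() if e.get("Id")}
    return {i: _digest(by_id[i]) for i in ids}

def digest_envelope_with_exclusions(root):
    """Strategy 2: whole envelope, minus ds:Signature and actor=next header blocks."""
    root = copy.deepcopy(root)
    header = root.find(f"{{{SOAP}}}Header")
    for child in list(header):
        if child.tag == f"{{{DS}}}Signature" or child.get(f"{{{SOAP}}}actor") == NEXT:
            header.remove(child)
    return _digest(root)

def add_header(root, tag, text, actor=None):
    """Model an intermediary adding a header block; returns a modified copy."""
    root = copy.deepcopy(root)
    new = ET.SubElement(root.find(f"{{{SOAP}}}Header"), tag)
    new.text = text
    if actor:
        new.set(f"{{{SOAP}}}actor", actor)
    return root

original = ET.fromstring(ENVELOPE)
injected = add_header(original, "{urn:example:eb}Route", "deliver-elsewhere")
next_hop = add_header(original, "{urn:example:eb}Trace", "hop1", actor=NEXT)
```

Comparing the digests of `original`, `injected` and `next_hop` shows that per-element references are unchanged by the added `Route` block, while the whole-envelope digest changes for it yet stays stable when only an actor=next block is added.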