MHonArc v2.5.0b2 -->
ebxml-msg message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [ebxml-msg] Groups - Security Concern - Bullet Items
Here is the list of security sections bullet items I promised to put
together. I reserve the right to add to the list after thinking about
this subject some more.
- Message signature and encryption is specified in WSS1.0 and WSS1.1.
- The structure and content of the Security element MUST conform to the
Web Services Security 1.0 or Web Services Security 1.1 - Depending on
conformance profile being utilized.
- To promote interoperability the security element MUST conform to the
WS-I Basic Security Profile Version 1.0, and the WS-I Attachments
Profile Version 1.0.
- It is not clear to me if we are requiring Security support in all
compliant MSHs. If required the spec should read - Support for the X.509
Certificate Token Profile and Username TokenName Profile are REQUIRED.
If Security support is not required, then RECOMMENDED should be stated.
- It is RECOMMENDED that the eb:Messaging Container Element, the SOAP
Body, and all attachments be included in the signature.
- As outlined in WS-I Basic Security Profile, support for Detached
Signatures is REQUIRED. An MSH implementation MAY support Enveloped
Signatures as defined in the XML Signature Specification. Enveloped
Signatures add an additional level of security in preventing the
addition of XML elements to the SOAP Header. Enveloped Signatures may
limit the ability of intermediaries to process messages.
- It is REQUIRED that compliant MSH implementations support the
Attachment-Content-Only transform. It is RECOMMENDED that compliant MSH
implementations support the Attachment-Complete transform.
-An MSH implementation may encrypt the eb:Messaging Container Element.
The eb:PartyInfo section may be used to aid in message routing before
decryption has occurred. It is RECOMMENDED that the eb:PartyInfo
elements not be encrypted.
- When both signature and encryption are required of the MSH, sign first
and then encrypt.
Ric
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]