- From: Rich Salz <rsalz@datapower.com>
- Date: Wed, 24 Nov 2004 10:19:37 -0500
- To: Francisco Curbera <curbera@us.ibm.com>
- CC: public-ws-addressing@w3.org
> As for IBM's security concerns, so far our experts tell us ref. props as > SOAP headers are ok as long as we consistently sign everything, which you > need to do in any case. Have you check this with Tony? :) The problem is that you cannot consistently sign everything in a SOAP 1.2 message (and 1.1 is trusting to luck) -- you need to "normalize" the content of the SOAP Header contents; see http://www.w3.org/TR/2003/NOTE-soap12-n11n-20031008/ You can sign "all" the individual headers (each one is a separate Reference within the Signature document), but that's not quite the same thing, because an adversary could insert an unsigned header in the message. In order to protect against this, your ws-addressing layer needs to tell your security layer about *all* the possible refs and params, so that the security layer can make sure that there are no unsigned refs or params. Or the security layer has to tell the ws-addr (or the application) which headers were signed and which ones weren't so that it can do the proper checks. Either way, that's a rather close coupling between layers. Because of this, I'm tending to favor that refs and params *not* being separate soap headers. Or that within the EndpointReference you have href/id links out to the specific header elements. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 24 November 2004 15:12:02 UTC