NEW ISSUE: Securing EPRs

From: Marc Hadley <Marc.Hadley@Sun.COM>
Date: Wed, 24 Nov 2004 10:19:43 -0500
To: public-ws-addressing@w3.org
Message-id: <44A0547C-3E2C-11D9-8A29-000A95BC8D92@Sun.COM>

Title: Securing EPRs

Description: As has been mentioned in several threads, use of  
addressing headers and reference props/params opens several avenues for  
attack by malicious message senders. Message security is often cited as  
a way to defeat such attacks, see e.g. "It's not a problem for me  
because I'll only trust EPRs signed by certain parties"[1]. The  
specification[2] states that "Whenever an address is specified (e.g.
<wsa:From>, <wsa:ReplyTo>, <wsa:FaultTo>, ...), the processor should
ensure that a signature is provided with claims allowing it to speak
for the specified target in order to prevent certain classes of attacks
(e.g. redirects)." but doesn't really nail down what qualifies a
signature to "speak for the specified target".

Justification: To have any hope of interoperability, the specification  
needs to provide more exact guidance on the contents of security  
artifacts that must be included in a message for a receiver to trust  
the EPRs included in it.

Target: SOAP binding

Proposal: Add more exact language to the specification outlining the  
message security requirements that must be met for an EPR to be  
trusted. Add a standard fault that may be returned on receipt of a  
message that fails to meet such security requirements.

Marc Hadley <marc.hadley at sun.com>
Web Technologies and Standards, Sun Microsystems.
Received on Wednesday, 24 November 2004 15:19:46 UTC
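
A receiver-side check of the kind the quoted specification text calls for, as an added example that is not part of the original post or of the WS-Addressing specification. The `SPEAKS_FOR` policy table, the `untrusted_eprs` function and the host-matching rule are assumptions made here, since what lets a signer "speak for" an address is exactly what the issue says is undefined; signature validation itself is assumed to be done by the WS-Security layer.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"s": "http://www.w3.org/2003/05/soap-envelope",
      "wsa": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSU_ID = "{%s}Id" % WSU

# Hypothetical local policy: hosts each authenticated signer may speak for.
SPEAKS_FOR = {"CN=client.example.org": {"client.example.org"}}

# Constructed sample message (signature value and key info omitted).
SAMPLE = f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:wsa="{NS['wsa']}"
 xmlns:ds="{NS['ds']}" xmlns:wsu="{WSU}">
 <s:Header>
  <wsa:From><wsa:Address>http://client.example.org/</wsa:Address></wsa:From>
  <wsa:ReplyTo wsu:Id="r1">
   <wsa:Address>http://client.example.org/reply</wsa:Address></wsa:ReplyTo>
  <wsa:FaultTo wsu:Id="f1">
   <wsa:Address>http://other.example.net/fault</wsa:Address></wsa:FaultTo>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#r1"/><ds:Reference URI="#f1"/>
  </ds:SignedInfo></ds:Signature>
 </s:Header><s:Body/></s:Envelope>"""

def untrusted_eprs(envelope_xml, signer, policy=SPEAKS_FOR):
    """Return (header, reason) for each address header that should be rejected.

    Assumes the signature was already validated and its key resolved to
    the identity `signer`; only coverage and authorization are checked.
    """
    header = ET.fromstring(envelope_xml).find("s:Header", NS)
    if header is None:
        return []
    # Ids covered by the signature: same-document "#id" references.
    refs = header.iterfind(".//ds:SignedInfo/ds:Reference", NS)
    signed = {r.get("URI")[1:] for r in refs if r.get("URI", "").startswith("#")}
    problems = []
    for name in ("From", "ReplyTo", "FaultTo"):
        # Direct children of s:Header only: the blocks a SOAP node acts on.
        for epr in header.iterfind(f"wsa:{name}", NS):
            addr = epr.findtext("wsa:Address", default="", namespaces=NS)
            host = urlparse(addr.strip()).hostname
            if epr.get(WSU_ID) not in signed:
                problems.append((name, "not covered by signature"))
            elif host not in policy.get(signer, set()):
                problems.append((name, f"signer may not speak for {host}"))
    return problems
```

A non-empty result is the condition under which the proposed standard fault would be returned instead of acting on the address.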
