W3C home > Mailing lists > Public > public-ws-addressing@w3.org > November 2004

NEW ISSUE: Securing EPRs

From: Marc Hadley <Marc.Hadley@Sun.COM>
Date: Wed, 24 Nov 2004 10:19:43 -0500
To: public-ws-addressing@w3.org
Message-id: <44A0547C-3E2C-11D9-8A29-000A95BC8D92@Sun.COM>

Title: Securing EPRs

Description: As has been mentioned in several threads, use of  
addressing headers and reference props/params opens several avenues for  
attack by malicious message senders. Message security is often cited as  
a way to defeat such attacks, see e.g. "It's not a problem for me  
because I'll only trust EPRs signed by certain parties"[1]. The  
specification[2] states that "Whenever an address is specified (e.g.  
<wsa:From>,  <wsa:ReplyTo>, <wsa:FaultTo>, ...), the processor should  
ensure that a signature is provided with claims allowing it to speak  
for the specified target in order to prevent certain classes of attacks  
(e.g. redirects)." but doesn't really nail down what qualifies a  
signature to "speak for the specified target"

Justification: To have any hope of interoperability, the specification  
needs to provide more exact guidance on the contents of security  
artifacts that must be included in a message for a receiver to trust  
the EPRs included in it.

Target: SOAP binding

Proposal: Add more exact language to the specification outlining the  
message security requirements that must be met for an EPR to be  
trusted. Add a standard fault that may be returned on receipt of a  
message that fails to meet such security requirements.

[1]  
http://www.w3.org/mid/DD35CC66F54D8248B6E04232892B633804099D3E@RED-MSG 
-43.redmond.corp.microsoft.com
[2]  
http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr- 
soap.html
---
Marc Hadley <marc.hadley at sun.com>
Web Technologies and Standards, Sun Microsystems.
Received on Wednesday, 24 November 2004 15:19:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:59 GMT