W3C home > Mailing lists > Public > public-ws-addressing@w3.org > February 2005

Security Considerations - Initial Proposal

From: Martin Gudgin <mgudgin@microsoft.com>
Date: Mon, 21 Feb 2005 06:53:31 -0800
Message-ID: <DD35CC66F54D8248B6E04232892B633804D931FF@RED-MSG-43.redmond.corp.microsoft.com>
To: <public-ws-addressing@w3.org>
Cc: "Anthony Nadalin" <drsecure@us.ibm.com>, "Rich Salz" <rsalz@datapower.com>, "Chris Kaler" <ckaler@microsoft.com>

The following is an initial proposal for text for a security
considerations section for WS-Addressing. We may need to add stuff to
this, but I think this provides a 'minimum bar'.

Comments welcome,

Gudge

----------------------------

Security Considerations

EPRs SHOULD be integrity protected to prevent tampering. Such integrity
protection can be provided by transport or message level signatures.

Users of EPRs SHOULD only use EPRs from sources they trust. In practice
this is likely to mean that users of EPRs only use EPRs that are signed
by parties the user of the EPR trusts.

WS-Addressing headers (wsa:To, wsa:Action et.al.) including those
headers present as a result of processing ReferenceParameters in an EPR
SHOULD be integrity protected. Such integrity protection can be provided
by transport or message level signatures.

To prevent information disclosure EPR issuers SHOULD NOT put sensitive
information into wsa:Address values or Reference Parameters. 


In addition to the above, the following text needs to be in a normative
section of the spec, probably in the SOAP binding somewhere. We really
need to do this otherwise we'll have to define a WS-A normalization
algorithm and I'd much rather not do that...

To avoid breaking signatures, intermediaries MUST NOT change the XML
representation WS-Addressing headers. Specifically, intermediaries MUST
NOT remove XML content that explicitly indicates otherwise-implied
content, and intermediaries MUST NOT insert XML content to make implied
values explicit. For instance, if a RelationshipType attribute is
present with a value of "http://www.w3.org/@@@@/@@/addressing/reply", an
intermediary MUST NOT remove it; similarly, if there is no
RelationshipType attribute, an intermediary MUST NOT add one.
Received on Monday, 21 February 2005 15:09:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:35:03 GMT