W3C home > Mailing lists > Public > public-ws-policy-qa@w3.org > September 2006

[Bug 3708] Updated Security Considerations section in framework document: Add mention of use of XML Signature to sign policy

From: <bugzilla@wiggum.w3.org>
Date: Tue, 12 Sep 2006 19:39:44 +0000
CC:
To: public-ws-policy-qa@w3.org
Message-Id: <E1GNE6i-0000IC-LM@wiggum.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=3708

           Summary: Updated Security Considerations section in framework
                    document: Add mention of use of XML Signature to sign
                    policy
           Product: WS-Policy
           Version: FPWD
          Platform: Macintosh
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: New Charter
        AssignedTo: frederick.hirsch@nokia.com
        ReportedBy: frederick.hirsch@nokia.com
         QAContact: public-ws-policy-qa@w3.org


Policy may need integrity protection, yet not in the context of a SOAP message.
For this reason XML Signature may be used.

Mention of use of XML Signature for this purpose can be added to the Framework
Security Considerations section of the Framework document.

Proposed changes to framework document:

1) Add sentence at end of current section 5 (Security Considerations):

Policies may be signed using XML Signature to provide integrity protection and
origin authentication, especially in contexts where message security is not
appropriate.

2) Incorporate  security considerations listed in contributed primer into
Framework document
See Appendix A in PDF referenced in
http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001
Received on Tuesday, 12 September 2006 19:39:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:21:08 GMT