W3C home > Mailing lists > Public > public-xmlsec-maintwg@w3.org > May 2008

Best Practices Streaming Web services ....

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Mon, 19 May 2008 16:11:44 +0200
Message-ID: <48318AA0.10107@iaik.tugraz.at>
To: XMLSec <public-xmlsec-maintwg@w3.org>
Dear all,

I'm siting in a Workshop about the problems when using Web Services and
XMLDSIG, and it's all quite complicated ...

The main problem is the data is not between the
reference/transforms/algorithms and the DigestValue ... which is well
known since ages.

What I ask myself: Why don't people using XMLDSIG for WebServices put
the signed data in between then?

ie.: Put a ds:Manifest without DigestValues as the first child of the
document element and use a ds:Signature at the end of the document (last
child of the document element), that has a single ds:Reference with
omitted URI, and specify that this is to reference this ds:Manifest at
the beginning.

Then define a transform that inlines the ds:DigestValues computed while
streaming processing ....

Voila, ... Signed Streaming Webservices without head aches.

I'm looking forward to interesting discussions.

Konrad

Btw.:  I would like to thank the people at the
http://www.tu-ilmenau.de/fakmn/Programm.7151.0.html
  for trying to contest my idea.

I would be very eager to know what our working group thinks about this idea?

And does anyone know why SOAP makes it's life so hard with security?

-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm






Received on Monday, 19 May 2008 14:12:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 19 May 2008 14:12:29 GMT