W3C home > Mailing lists > Public > public-xmlsec@w3.org > March 2011

Re: DSig2.0 examples V2.0

From: <Frederick.Hirsch@nokia.com>
Date: Thu, 24 Mar 2011 22:06:03 +0000
To: <Meiko.Jensen@ruhr-uni-bochum.de>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <8AFA6BC9-A1E3-4E69-8829-067A9CBF9F5E@nokia.com>

Thanks for creating an example.

I reviewed it and made the following changes, attached:

1. WS-Security uses wsse:Security as the security element within the SOAP header, so changed to that from nrns:SecurityHeader

2. Switched to using Security Token Reference from KeyValue to  binary security token (with DSA X509 cert).

3. Added explicit ds: prefix to all xml security elements as is common in SOAP examples

4. Added c14n2: prefix for C14N2 elements in two places.

5. changed dsig2:Verification DigestDataLength to "32" to reflect SHA-256 output length. Not sure where 175 came from, but am probably missing something obvious right now.

6. Changed soap body operation to be in the ex: namespace using example.com

Probably introduced an error but did not declare ex: namespace before soap:Body even though used in XPath. Will this be an error?


regards, Frederick

Frederick Hirsch

On Mar 16, 2011, at 9:11 AM, ext Meiko Jensen wrote:

> Dear all,
> I found some time to reiterate my initial example for the DSig2.0
> syntax. Again, I'm not claiming it to be complete nor correct, but
> according to my understanding of what we specified so far, this is what
> it should look like. Please note that for the sake of an example I
> listed some c14n parameters even though they keep their default values
> (and hence may also be omitted). I recommend developing a second example
> for ID-based referencing, which should look somewhat similar, but for
> now we at least should have something to start from.
> cheers
> Meiko
> -- 
> Dipl.-Inf. Meiko Jensen
> Chair for Network and Data Security 
> Horst Görtz Institute for IT-Security 
> Ruhr University Bochum, Germany
> _____________________________
> Universitätsstr. 150, Geb. ID 2/411
> D-44801 Bochum, Germany
> Phone: +49 (0) 234 / 32-26796
> Telefax: +49 (0) 234 / 32-14347
> http:// www.nds.rub.de
> <sig2example.txt>

Received on Thursday, 24 March 2011 22:06:45 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:15 UTC