- From: Glen Daniels <gdaniels@macromedia.com>
- Date: Wed, 15 Aug 2001 16:32:00 -0400
- To: "'Rich Salz'" <rsalz@zolera.com>, Glen Daniels <gdaniels@macromedia.com>
- Cc: "'christopher ferris'" <chris.ferris@east.sun.com>, "'xml-dist-app@w3.org'" <xml-dist-app@w3.org>
+1, that's a very good point. My assumption would be that if you sign a message, you sign the parts of the message which you intend to make it through to the target of the signature. It may certainly be the case that some of those parts also contain "dependsOn" lists which you therefore shouldn't touch. That being the case, and with Chris' comments, I'd propose doing the "ProcessedHeaders" thing which I suggested in the last message rather than the rewriting. This is a very similar situation to the "misunderstoodheaders" fault extensions in SOAP 1.2. --Glen > -----Original Message----- > From: Rich Salz [mailto:rsalz@zolera.com] > Sent: Wednesday, August 15, 2001 4:24 PM > To: Glen Daniels > Cc: 'christopher ferris'; 'xml-dist-app@w3.org' > Subject: Re: Action Item : brief mustHappen analysis > > > We need to be careful about rewriting messages when it's going through > multiple steps and the initiator has signed the message for > the ultimate > recipient to check. If A sends a signed soap through B and C > to D, then > we must be careful to make sure B and C rewrite do not affect A's > signature, or that we carefully explain what the document subset that > can be signed looks like. > /r$ > -- > Zolera Systems, Your Key to Online Integrity > Securing Web services: XML, SOAP, Dig-sig, Encryption > http://www.zolera.com >
Received on Wednesday, 15 August 2001 16:32:45 UTC