Chris, your note starts to bring up the subtleties involved in signing SOAP messages. Since intermediaries can add or remove header elements, how can I as a sender sign message to be robust in the face of buggy or malicious intermediaries who might add header elements with the same QNAME as I originally signed? I think we need to define an ID attribute, just like soap-enc. Is there another approach I've missed? Perhaps more importantly, if intermediate rewrites make it unrealistic to sign an entire message, but I instead must enumerate the applicable elements, then I can't use XML C14N (because an adversary might change namespace decls, as you pointed out), but must instead using exclusive canonicalization, which just finished Last Call. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.comReceived on Monday, 11 February 2002 22:40:11 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:06 GMT