W3C home > Mailing lists > Public > xml-dist-app@w3.org > September 2003

Re: Review - Web Services Security: SOAP Message Security (1 of 3)

From: Jean-Jacques Moreau <jean-jacques.moreau@crf.canon.fr>
Date: Mon, 29 Sep 2003 17:13:32 +0200
Message-ID: <3F784C1C.3050609@crf.canon.fr>
To: Marc Hadley <Marc.Hadley@Sun.COM>
Cc: xml-dist-app@w3.org

Yes, an active intermediary could indeed fiddle with the message in 
various creative ways; so I think realistically we should soften the 
"MUST NOT be removed" into a "SHOULD NOT be removed".

Jean-Jacques.

Marc Hadley wrote:

> 
> On Thursday, Sep 25, 2003, at 03:57 US/Eastern, Jean-Jacques Moreau wrote:
> 
>>
>>> *** 410 "The <wsse:Security> header block without a specified S:role  
>>> MAY be consumed by anyone, but MUST NOT be removed prior to the final 
>>>  destination or endpoint." What does 'consumed' mean. SOAP 1.2 makes 
>>> it  clear that SOAP headers without a role attribute are equivalent 
>>> to  those with a role of  
>>> "http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver". In  
>>> both cases the ultimate receiver of the message is the target of the  
>>> header block.
>>
>>
>> An active intermediary could still consume the header block; this is 
>> part of the processing model. So, unless WSS includes a special header 
>> block to implement the above assertion, it cannot be fulfilled, I think.
>>
> I think the problem in the original text is the use of the word 
> 'consumed' which implies removal, a forwarding intermediary should never 
> be playing the ultimateReceiver role so the header block should never be 
> removed until the message reaches the ultimate receiver.
> 
> Active intermediaries can always change the message "in ways not 
> described in the inbound SOAP message" so its questionable that adding a 
> special header block would help.
> 
> Marc.
Received on Monday, 29 September 2003 11:13:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:15 GMT