
RE: SOAP-DSIG and OASIS WSS Soap message security

From: Srinivas, Davanum M <Davanum.Srinivas@ca.com>
Date: Sun, 9 May 2004 22:15:47 -0400
Message-ID: <87527035FDD42A428221FA578D4A9A5B055EBB94@usilms24.ca.com>
To: "Martin Gudgin" <mgudgin@microsoft.com>, "Juneja, Manoj" <manoj.juneja@intel.com>, <xml-dist-app@w3.org>

Manoj,

If you need XML-DSig implementation, you can find one at http://xml.apache.org/security/

If you need OASIS WSS implementation, you can find one at http://webservices.apache.org/ws-fx/wss4j/

Thanks,
dims

-----Original Message-----
From:	xml-dist-app-request@w3.org on behalf of Martin Gudgin
Sent:	Sun 5/9/2004 5:57 PM
To:	Juneja, Manoj; xml-dist-app@w3.org
Cc:	
Subject:	RE: SOAP-DSIG and OASIS WSS Soap message security
That'll teach me to answer e-mail late on a Sunday....
 
I think it's safe to say that OASIS WSS (including XMLDSIG) supersedes
the SOAPDSIG spec. So your SOAP messages would look something like this
( namespace decls omitted for brevity ):
 
<s:Envelope>
 <s:Header>
  <wss:Security>
    . . .
    <ds:Signature>
    . . .
    </ds:Signature>
  </wss:Security>
 </s:Header>
 <s:Body>
  . . .
 </s:Body>
</s:Envelope>
 
Cheers
 
Gudge


________________________________

	From: Juneja, Manoj [mailto:manoj.juneja@intel.com] 
	Sent: 09 May 2004 22:26
	To: Martin Gudgin; xml-dist-app@w3.org
	Subject: RE: SOAP-DSIG and OASIS WSS Soap message security
	
	

	Hi Martin,

	Thanks for the quick response. My question was
related to the SOAP-DSIG note from W3C
(http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/). I am assuming in
your response below, XML-DSIG means the XML DSIG specification from W3C
and IETF.

	Assuming that I have to make use of XML signature in SOAP
messages then what specification should I use? Should I include XML DSIG
tags in wsse:Security (OASIS WSS) headers or SOAP:SEC (SOAP DSIG) kind
of headers? I think Microsoft and IBM are the main contributors to both
of these specs (OASIS WSS and SOAP-DSIG).

	To answer your question related to toolkit, we are at a very
premature stage and just looking at some technology specific details
only. The question related to using/building toolkit will come at some
later stage.

	 

	Regards,

	Manoj.

	 

	 

	 

	
________________________________


	From: Martin Gudgin [mailto:mgudgin@microsoft.com] 
	Sent: Sunday, May 09, 2004 1:35 PM
	To: Juneja, Manoj; xml-dist-app@w3.org
	Subject: RE: SOAP-DSIG and OASIS WSS Soap message security

	 

	Manoj,

	 

	The OASIS WSS spec provides a framework for securing SOAP
messages. This framework is based on the notion of security tokens and
the XMLDSIG and XMLENC specs. You should find that the signatures
specified by the OASIS WSS spec are perfectly valid per the XMLDSIG
spec. There are several implementations of OASIS WSS ( including the
XMLDSIG and XMLENC bits ). Are you trying to talk to a particular
vendor's toolkit? Or are you building your own?

	 

	Martin

		 

		
________________________________


		From: xml-dist-app-request@w3.org
[mailto:xml-dist-app-request@w3.org] On Behalf Of Juneja, Manoj
		Sent: 08 May 2004 00:31
		To: xml-dist-app@w3.org
		Subject: SOAP-DSIG and OASIS WSS Soap message security

		Hi All,

		Can someone on this list explain to me how the
SOAP-DSIG specification
(http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/) relates to the OASIS
WSS SOAP Message Security 1.0 specification? If I have to make use of
XML signature tags in my SOAP envelope then what specification should I
follow?

		 

		Thanks for the help.

		 

		Regards,

		manoj.
Received on Sunday, 9 May 2004 22:23:25 GMT
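
Added example (not part of the original thread and not code from any toolkit mentioned in it): a Python structural check that reports whether a message carries its ds:Signature inside a wsse:Security header, as in the skeleton quoted in the thread, or inside the older SOAP-DSIG header. The namespace URIs, which the thread omits, are the published ones for SOAP 1.1/1.2, WSS 1.0, the SOAP-DSIG note and XML-DSIG; the function names and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

# Namespace URIs: the skeleton in the thread omits them; these are the published ones.
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")     # SOAP 1.2
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP_SEC = "http://schemas.xmlsoap.org/soap/security/2000-12"  # SOAP-DSIG note header
DS = "http://www.w3.org/2000/09/xmldsig#"


def signature_placement(envelope_xml):
    """Classify where ds:Signature sits: 'wss', 'soap-dsig', 'other' or 'unsigned'.

    Structural check only; no signature value is verified. It expects
    ds:Signature as a direct child of the header block, as in the skeleton.
    """
    root = ET.fromstring(envelope_xml)
    soap = next((ns for ns in SOAP_NS if root.tag == "{%s}Envelope" % ns), None)
    if soap is None:
        raise ValueError("not a SOAP envelope")
    sig_tag = "{%s}Signature" % DS
    total = sum(1 for _ in root.iter(sig_tag))
    if total == 0:
        return "unsigned"
    header = root.find("{%s}Header" % soap)
    blocks = list(header) if header is not None else []

    def count_in(block_tag):
        return sum(len(b.findall(sig_tag)) for b in blocks if b.tag == block_tag)

    if count_in("{%s}Security" % WSSE) == total:
        return "wss"
    if count_in("{%s}Signature" % SOAP_SEC) == total:
        return "soap-dsig"
    return "other"  # e.g. a signature in the Body, or spread over both header kinds


def sample_message(open_tag, close_tag):
    """Build a constructed SOAP 1.2 message with one empty ds:Signature."""
    return ('<s:Envelope xmlns:s="%s" xmlns:ds="%s"><s:Header>%s<ds:Signature/>%s'
            "</s:Header><s:Body/></s:Envelope>" % (SOAP_NS[1], DS, open_tag, close_tag))


WSS_MSG = sample_message('<wsse:Security xmlns:wsse="%s">' % WSSE, "</wsse:Security>")
LEGACY_MSG = sample_message('<sec:Signature xmlns:sec="%s">' % SOAP_SEC, "</sec:Signature>")

if __name__ == "__main__":
    for name, msg in (("WSS", WSS_MSG), ("SOAP-DSIG", LEGACY_MSG)):
        print(name, "->", signature_placement(msg))
```

A receiver that accepts only the WSS layout can reject anything that does not classify as "wss" before handing the message to its signature verifier.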
