W3C home > Mailing lists > Public > xml-dist-app@w3.org > May 2004

RE: SOAP-DSIG and OASIS WSS Soap message security

From: Eugene Kuznetsov <eugene@datapower.com>
Date: Sun, 9 May 2004 22:35:40 -0400
To: "'Juneja, Manoj'" <manoj.juneja@intel.com>, <xml-dist-app@w3.org>
Message-Id: <20040510023857.44E43A06AE@frink.w3.org>

 	SOAP-DSIG was there before WS-Sec, and while still successfully used
by many in production, it is being increasingly replaced by WS-Security
drafts. If your goal is to accept a wide variety of signed messages from
different partners, you may need to support both. If you are building a new
app, you probably want WS-Security. If you have a specific service you're
connecting with, find out what they are using -- surprisingly, you may find
it's neither WS-Security nor SOAP-Sec! 
	Whatever the case, consider whether you really want to write it all
yourself, even on top of a toolkit. There are plenty of vendors
(<plug>DataPower included</plug>) who are obsessively working on security,
interoperability and performance of XML-DSIG and XML-ENC implementations. 
 

\\ Eugene Kuznetsov                  : eugene@datapower.com
\\ DataPower Technology, Inc.        : Web Services security
\\ http://www.datapower.com          : XS40 XML Security Gateway

 


________________________________

	From: xml-dist-app-request@w3.org
[mailto:xml-dist-app-request@w3.org] On Behalf Of Juneja, Manoj
	Sent: Friday, May 07, 2004 7:31 PM
	To: xml-dist-app@w3.org
	Subject: SOAP-DSIG and OASIS WSS Soap message security
	
	

	Hi All,

	        Can someone on this list explain me how the SOAP-DSIG
specification (http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/) relate to
the OASIS WSS SOAP Message Security 1.0 specification? If I have to make use
of XML signature tags in my SOAP envelope then what specification should I
follow?

	 

	Thanks for the help.

	 

	Regards,

	manoj.
Received on Sunday, 9 May 2004 22:38:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:18 GMT