W3C home > Mailing lists > Public > xml-dist-app@w3.org > May 2004

RE: SOAP-DSIG and OASIS WSS Soap message security

From: Anne Thomas Manes <anne@manes.net>
Date: Mon, 10 May 2004 13:07:40 -0400
To: "'Eugene Kuznetsov'" <eugene@datapower.com>, "'Juneja, Manoj'" <manoj.juneja@intel.com>, <xml-dist-app@w3.org>
Message-Id: <20040510172037.49CE3A4D04@frink.w3.org>

Note that SOAP-DSIG has no formal standing (it's a W3C Note -- not a
Recommendation or even a Working Draft).

OASIS WSS SOAP Message Security is a formal OASIS Standard.

You should use OASIS WSS. There are about 2 dozen products that have or are
in the process of implementing OASIS WSS. Most vendors have committed to
supporting OASIS WSS by mid year.


-----Original Message-----
From: xml-dist-app-request@w3.org [mailto:xml-dist-app-request@w3.org] On
Behalf Of Eugene Kuznetsov
Sent: Sunday, May 09, 2004 10:36 PM
To: 'Juneja, Manoj'; xml-dist-app@w3.org
Subject: RE: SOAP-DSIG and OASIS WSS Soap message security

 	SOAP-DSIG was there before WS-Sec, and while still successfully used
by many in production, it is being increasingly replaced by WS-Security
drafts. If your goal is to accept a wide variety of signed messages from
different partners, you may need to support both. If you are building a new
app, you probably want WS-Security. If you have a specific service you're
connecting with, find out what they are using -- surprisingly, you may find
it's neither WS-Security nor SOAP-Sec! 
	Whatever the case, consider whether you really want to write it all
yourself, even on top of a toolkit. There are plenty of vendors
(<plug>DataPower included</plug>) who are obsessively working on security,
interoperability and performance of XML-DSIG and XML-ENC implementations. 

\\ Eugene Kuznetsov                  : eugene@datapower.com
\\ DataPower Technology, Inc.        : Web Services security
\\ http://www.datapower.com          : XS40 XML Security Gateway



	From: xml-dist-app-request@w3.org
[mailto:xml-dist-app-request@w3.org] On Behalf Of Juneja, Manoj
	Sent: Friday, May 07, 2004 7:31 PM
	To: xml-dist-app@w3.org
	Subject: SOAP-DSIG and OASIS WSS Soap message security

	Hi All,

	        Can someone on this list explain me how the SOAP-DSIG
specification (http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/) relate to
the OASIS WSS SOAP Message Security 1.0 specification? If I have to make use
of XML signature tags in my SOAP envelope then what specification should I


	Thanks for the help.



Received on Monday, 10 May 2004 13:20:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 22:01:26 UTC