W3C home > Mailing lists > Public > public-ws-addressing-comments@w3.org > September 2005

RE: ID-typed attribute on WS-Addressing EPRs?

From: Jonathan Marsh <jmarsh@microsoft.com>
Date: Mon, 19 Sep 2005 14:37:51 -0700
Message-ID: <37D0366A39A9044286B2783EB4C3C4E82078D5@RED-MSG-10.redmond.corp.microsoft.com>
To: "John Kemp" <john.kemp@nokia.com>, <public-ws-addressing-comments@w3.org>

EPRs are attribute-extensible, allowing one to put xml:id or wsu:Id on
an EPR for purposes of signing.  I agree xml:id is a good choice for
identifying elements, but current security infrastructure based on
WS-Security is probably looking for wsu:Id.  I have argued in the WG
that it would be presumptuous of us to tell the security layer which
form of ID it should look for.  A convention for ID is good, but will be
most interoperable when the convention is promoted by the security
layer, and not by WS-Addressing in possibly incompatible ways.

The Working Group agreed with this assessment (at least the verbal
version!) and decided to close the issue with no change.  The issue
itself was recorded at [1], which will also have links to the resolution
when the issues list is next updated.

Thanks for your comment, and the opportunity to explore this topic in
more depth.

Jonathan Marsh


> -----Original Message-----
> From: public-ws-addressing-comments-request@w3.org [mailto:public-ws-
> addressing-comments-request@w3.org] On Behalf Of John Kemp
> Sent: Monday, September 05, 2005 6:32 AM
> To: public-ws-addressing-comments@w3.org
> Subject: ID-typed attribute on WS-Addressing EPRs?
> Hello,
> I notice that WS-Addressing [1] has security recommendations that
> include the signing of elements by those producing EPRs (and message
> addressing properties). Such signing usually requires the presence of
> an
> identifying attribute on each signed element. I note that WS-
> Addressing
> does not define any such attribute, but relies on a wildcard for this
> and other attribute definitions. This seems to require that users of
> WS-Addressing must define the use of such an attribute themselves,
> prior
> to being able to implement the security considerations recommended by
> WS-A. This implies that one cannot use the basic EPR and MAP
> definitions
> directly from the WS-Addressing specification (if one wishes to sign
> EPRs and be interoperable with anyone else.)
> In order to aid interoperability of this specification, and
> implementation of the security considerations within, would it be
> possible to specify the use of an ID attribute within the WS-
> Addressing
> specification?
> Perhaps best would be to use the recommendation specified in the
> xml:id
> specification [2].
> Regards,
> - JohnK
> John Kemp
> Nokia Corp.
> [1] http://www.w3.org/TR/2005/CR-ws-addr-core-20050817/
> [2] http://www.w3.org/TR/xml-id/
Received on Monday, 19 September 2005 21:37:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:28:52 UTC