Re: i008 - Marking RefProps/RefParams using attributes [Take #2] from Rich Salz on 2004-12-15 (public-ws-addressing@w3.org from December 2004)

From: Rich Salz <rsalz@datapower.com>
Date: Wed, 15 Dec 2004 13:54:06 -0500
To: "Srinivas, Davanum M" <Davanum.Srinivas@ca.com>
CC: public-ws-addressing@w3.org
Message-ID: <41C0884E.4090802@datapower.com>

> Here's the re-worked proposal…dropping the <wsa:RefPs> element as per 
> Jonathan [1]

+1

As for the security issues, they're not that big a deal.  It means taht 
under some circumstances, signing a refp element will require that the 
signature reference (dsig:Reference element) use an XPath transformation 
to omit the attribute when signing the element.

And since the refps are now "generically visible," this addresses the 
security concerns I've been raising.
	/r$
-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

Received on Wednesday, 15 December 2004 18:45:20 UTC