- From: Marc Hadley <Marc.Hadley@Sun.COM>
- Date: Wed, 24 Nov 2004 10:19:43 -0500
- To: public-ws-addressing@w3.org
Title: Securing EPRs Description: As has been mentioned in several threads, use of addressing headers and reference props/params opens several avenues for attack by malicious message senders. Message security is often cited as a way to defeat such attacks, see e.g. "It's not a problem for me because I'll only trust EPRs signed by certain parties"[1]. The specification[2] states that "Whenever an address is specified (e.g. <wsa:From>, <wsa:ReplyTo>, <wsa:FaultTo>, ...), the processor should ensure that a signature is provided with claims allowing it to speak for the specified target in order to prevent certain classes of attacks (e.g. redirects)." but doesn't really nail down what qualifies a signature to "speak for the specified target" Justification: To have any hope of interoperability, the specification needs to provide more exact guidance on the contents of security artifacts that must be included in a message for a receiver to trust the EPRs included in it. Target: SOAP binding Proposal: Add more exact language to the specification outlining the message security requirements that must be met for an EPR to be trusted. Add a standard fault that may be returned on receipt of a message that fails to meet such security requirements. [1] http://www.w3.org/mid/DD35CC66F54D8248B6E04232892B633804099D3E@RED-MSG -43.redmond.corp.microsoft.com [2] http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr- soap.html --- Marc Hadley <marc.hadley at sun.com> Web Technologies and Standards, Sun Microsystems.
Received on Wednesday, 24 November 2004 15:19:46 UTC