ACTION 2004-12-20: Security of wrapper vs attribute

The issue that separates using a wrapper vs an attribute isn't one of 
security, but software engineering. :)  Both XML DSIG and XML Encryption 
can handle each type:
	wrapper -- Add an ID on the wrapped element, or put an ID on the 
wrapper and use an XPath expression to select the child of the wrapper. 
For encryption, do element-wise encryption of the wrapped element, 
replacing it with an xenc:EncryptedData element.
	attribute -- Add an ID on the element, and use an XPath expression to 
select everything but the ID attribute.  (If the subsystem doing 
WS-Addressing is also integrated with WS-Security, then the contents of 
the ID attribute can be known, and the XPath expression can be 
avoided.)  For encryption, do content-wise encryption -- this leaves 
any attributes on the header in the clear; we'd have to document that -- 
or do element-wise encryption, but re-add any actor/role attribute in 
cleartext.

I can create samples of these if desired.

As long as refp's are self-identifying, it is possible for a "generic" 
or loosely-coupled security facility to process them.  Most 
implementations will be less efficient signing or verifying a wrapper, 
because of the required XPath, but I don't think it's worth worrying about.

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

Received on Monday, 10 January 2005 15:15:49 UTC
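The element-wise versus content-wise encryption trade-off the post describes, as an added example that is not the author's or DataPower's code. It uses only the Python standard library; the wsu:Id marker, the ex: namespace and the sample header are assumptions, and the cipher value is a placeholder rather than real ciphertext. encrypt_element without keep_attrs is what the wrapper form gets; encrypt_content and encrypt_element with the role re-added are the two options for the attribute form.

```python
import xml.etree.ElementTree as ET

ENV = "http://www.w3.org/2003/05/soap-envelope"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
ROLE, WSU_ID = f"{{{ENV}}}role", f"{{{WSU}}}Id"

# Constructed sample: the "attribute" form, a reference property flagged by a
# wsu:Id (assumed marker) and carrying a SOAP role attribute used for routing.
HEADER = f"""<env:Header xmlns:env="{ENV}" xmlns:wsu="{WSU}" xmlns:ex="urn:example">
  <ex:CustomerKey wsu:Id="refp-1" env:role="urn:example:endpoint">123456789</ex:CustomerKey>
</env:Header>"""

def find_by_id(root, id_):
    for el in root.iter():
        if el.get(WSU_ID) == id_:
            return el
    raise KeyError(id_)

def encrypted_data(kind):
    """Build an xenc:EncryptedData stand-in; the cipher value is a placeholder."""
    ed = ET.Element(f"{{{XENC}}}EncryptedData", Type=XENC + kind)
    cv = ET.SubElement(ET.SubElement(ed, f"{{{XENC}}}CipherData"), f"{{{XENC}}}CipherValue")
    cv.text = "CIPHERTEXT-PLACEHOLDER"  # real code carries the base64 ciphertext here
    return ed

def encrypt_element(root, id_, keep_attrs=()):
    """Element-wise (Type=...#Element): the target is replaced whole, so its
    attributes disappear unless explicitly re-added on the replacement."""
    target = find_by_id(root, id_)
    parent = next(p for p in root.iter() if target in list(p))
    ed = encrypted_data("Element")
    for name in keep_attrs:  # e.g. re-add env:role so intermediaries can still route
        if name in target.attrib:
            ed.set(name, target.attrib[name])
    parent[list(parent).index(target)] = ed
    return root

def encrypt_content(root, id_):
    """Content-wise (Type=...#Content): only text and children are replaced;
    every attribute of the element, the Id included, stays in cleartext."""
    target = find_by_id(root, id_)
    for child in list(target):
        target.remove(child)
    target.text = None
    target.append(encrypted_data("Content"))
    return root

def cleartext_attributes(root):
    """Attributes still readable after encryption, keyed by element tag."""
    return {el.tag: dict(el.attrib) for el in root.iter() if el.attrib}
```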