W3C home > Mailing lists > Public > public-ws-addressing@w3.org > March 2005

Re: Proposing a wsa:Security element

From: Marc Hadley <Marc.Hadley@Sun.COM>
Date: Mon, 14 Mar 2005 14:55:54 -0500
To: Hugo Haas <hugo@w3.org>
Cc: Rich Salz <rsalz@datapower.com>, public-ws-addressing@w3.org
Message-id: <6d39692cb7278ab6912446a665af44ba@Sun.COM>

On Mar 14, 2005, at 9:56 AM, Hugo Haas wrote:

> * Rich Salz <rsalz@datapower.com> [2005-03-12 00:29-0500]
>> (wsa prefix means WS-Addressing and wsse prefix means WS-Security as
>> standardized at OASIS.)
>> I'd like to add a wsa:Security element to the EPR.  It is intended to
>> be used as a container for security information (signatures, keys, 
>> etc)
>> about the EPR.  When using the SOAP binding, the contents of the
>> wsa:Security element either become a wsse:Security element or are
>> inserted at the appropriate spot within an existing wsse:Security 
>> element.
>> I know that these are complicated ("screwy") semantics. But I think 
>> it's
>> really required to get secure WS-Addressing.
> Couldn't such information go in the [metadata] bucket? It seems that
> we added it for things just like that.
I think the problem is that we've painted the metadata bucket as the 
place to put information that you don't need echoed back in messages 
addressed to the EPR (its just info about the EPR). The security stuff 
that Rich outlined is required to be sent back so its closer to 
reference parameter semantics except that reference parameters are 
serialized as direct SOAP headers whereas the requirement here is to 
create a wsse:Security header or add to an existing one. We could 
define a sub-bucket for this information and describe the additional 
processing semantics for the contents of this sub-bucket or we could 
add a new security element to the epr.


Marc Hadley <marc.hadley at sun.com>
Web Technologies and Standards, Sun Microsystems.
Received on Monday, 14 March 2005 19:55:59 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:28:24 UTC