- From: Jonathan Marsh <jmarsh@microsoft.com>
- Date: Wed, 21 Sep 2005 16:36:45 -0700
- To: "John Kemp" <john.kemp@nokia.com>
- Cc: "W3C WS-Addressing Public List" <public-ws-addressing@w3.org>
Forwarding to the discussion list. > -----Original Message----- > From: John Kemp [mailto:john.kemp@nokia.com] > Sent: Tuesday, September 20, 2005 10:44 AM > To: Jonathan Marsh > Cc: public-ws-addressing-comments@w3.org > Subject: Re: ID-typed attribute on WS-Addressing EPRs? > > Jonathan, > > Thanks very much for your considered response and the attention of the > working group on this issue. > > I understand your position to be that the security layer should be > responsible for id processing, and thus should define the name of id > to > be used on WS-Addressing elements, be it wsu:Id or xml:id. > > My point, however, is that, as you noted below, it is possible to > extend > WS-Addressing. It is already possible to send arbitrary content in the > body of a SOAP message. Such arbitrary content, not to mention content > as defined by the WS-A working group, or WS-A content extended by some > other party may contain an arbitrary ID-typed attribute for the > purposes > of signing. As you note, WS-A allows "anyAttribute". This > extensibility, > however, means that not only is it possible to extend WS-A, but it is > the case that anyone wishing to interoperate reliably using WS-A, and > sign WS-A EPRs (for example) *must* extend WS-A, by agreeing to > interoperate using some specific ID-type attribute in restricting the > attribute wildcard allowed by WS-A. > > In summary, I do not think it is presumptous of the working group to > choose a named attribute to identify elements such that the security > layer can rely on all WS-A defined content appearing in messages with > a > known ID-typed attribute. It is simply an opportunity to increase the > chances of interoperability between base implementations of this > specification. > > Regards, > > - John Kemp > > ext Jonathan Marsh wrote: > > EPRs are attribute-extensible, allowing one to put xml:id or wsu:Id > on > > an EPR for purposes of signing. I agree xml:id is a good choice for > > identifying elements, but current security infrastructure based on > > WS-Security is probably looking for wsu:Id. I have argued in the WG > > that it would be presumptuous of us to tell the security layer which > > form of ID it should look for. A convention for ID is good, but > will be > > most interoperable when the convention is promoted by the security > > layer, and not by WS-Addressing in possibly incompatible ways. > > > > The Working Group agreed with this assessment (at least the verbal > > version!) and decided to close the issue with no change. The issue > > itself was recorded at [1], which will also have links to the > resolution > > when the issues list is next updated. > > > > Thanks for your comment, and the opportunity to explore this topic > in > > more depth. > > > > Jonathan Marsh > > Microsoft > > > > [1] > > http://lists.w3.org/Archives/Public/public-ws-desc- > comments/2005Sep/0014 > > .html > > > > > >>-----Original Message----- > >>From: public-ws-addressing-comments-request@w3.org [mailto:public- > ws- > >>addressing-comments-request@w3.org] On Behalf Of John Kemp > >>Sent: Monday, September 05, 2005 6:32 AM > >>To: public-ws-addressing-comments@w3.org > >>Subject: ID-typed attribute on WS-Addressing EPRs? > >> > >> > >>Hello, > >> > >>I notice that WS-Addressing [1] has security recommendations that > >>include the signing of elements by those producing EPRs (and message > >>addressing properties). Such signing usually requires the presence > of > >>an > >>identifying attribute on each signed element. I note that WS- > >>Addressing > >>does not define any such attribute, but relies on a wildcard for > this > >>and other attribute definitions. This seems to require that users of > >>WS-Addressing must define the use of such an attribute themselves, > >>prior > >>to being able to implement the security considerations recommended > by > >>WS-A. This implies that one cannot use the basic EPR and MAP > >>definitions > >>directly from the WS-Addressing specification (if one wishes to sign > >>EPRs and be interoperable with anyone else.) > >> > >>In order to aid interoperability of this specification, and > >>implementation of the security considerations within, would it be > >>possible to specify the use of an ID attribute within the WS- > >>Addressing > >>specification? > >> > >>Perhaps best would be to use the recommendation specified in the > >>xml:id > >>specification [2]. > >> > >>Regards, > >> > >>- JohnK > >> > >>John Kemp > >>Nokia Corp. > >> > >>[1] http://www.w3.org/TR/2005/CR-ws-addr-core-20050817/ > >>[2] http://www.w3.org/TR/xml-id/ > >> > >> > >> > >> > >> > > > > >
Received on Wednesday, 21 September 2005 23:36:57 UTC