
Best Practices Streaming Web services ....

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Mon, 19 May 2008 16:11:44 +0200
Message-ID: <48318AA0.10107@iaik.tugraz.at>
To: XMLSec <public-xmlsec-maintwg@w3.org>

Dear all,

I'm sitting in a Workshop about the problems when using Web Services and
XMLDSIG, and it's all quite complicated ...

The main problem is that the data is not between the
reference/transforms/algorithms and the DigestValue ... which has been well
known for ages.

What I ask myself: Why don't people using XMLDSIG for WebServices put
the signed data in between then?

i.e.: Put a ds:Manifest without DigestValues as the first child of the
document element and use a ds:Signature at the end of the document (last
child of the document element), that has a single ds:Reference with
omitted URI, and specify that this is to reference this ds:Manifest at
the beginning.

Then define a transform that inlines the ds:DigestValues computed while
streaming processing ....

Voila, ... Signed Streaming Webservices without headaches.

I'm looking forward to interesting discussions.


Btw.:  I would like to thank the people at the
  for trying to contest my idea.

I would be very eager to know what our working group thinks about this idea.

And does anyone know why SOAP makes its life so hard with security?

Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520

Certificate chain (including the EuroPKI root certificate):

Received on Monday, 19 May 2008 14:12:29 UTC
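
The layout proposed in the message above, as an added sketch that is not part of the original post or of any XMLDSIG implementation: a digest-free manifest at the head, digests computed in one pass over the streamed parts, and a trailer computed over the manifest with those digests inlined. All function names, the dict form of the manifest, `serialize` (standing in for canonical XML) and the HMAC (standing in for the ds:Signature value) are assumptions, and the sample parts are constructed.

```python
import base64, hashlib, hmac

def manifest_skeleton(part_ids):
    """Leading ds:Manifest as proposed: References present, DigestValues absent."""
    return [{"uri": "#" + pid, "digest": None} for pid in part_ids]

def stream_digests(parts):
    """One pass over (part_id, chunk iterator) pairs; no part is buffered whole."""
    digests = {}
    for pid, chunks in parts:
        h = hashlib.sha256()
        for chunk in chunks:
            h.update(chunk)
        digests["#" + pid] = base64.b64encode(h.digest()).decode()
    return digests

def inline_digests(skeleton, digests):
    """The proposed transform: fill in the DigestValues computed while streaming."""
    declared = {ref["uri"] for ref in skeleton}
    if declared != set(digests):
        # A part missing from the stream, or present but not listed, is not covered.
        raise ValueError("streamed parts do not match the manifest")
    return [{"uri": r["uri"], "digest": digests[r["uri"]]} for r in skeleton]

def serialize(manifest):
    """Constructed stand-in for canonical XML serialization of the filled manifest."""
    return "".join('<Reference URI="%s"><DigestValue>%s</DigestValue></Reference>'
                   % (r["uri"], r["digest"]) for r in manifest).encode()

def sign_trailer(skeleton, parts, key):
    """Value carried by the trailing signature (HMAC stands in for SignatureValue)."""
    filled = inline_digests(skeleton, stream_digests(parts))
    return hmac.new(key, serialize(filled), hashlib.sha256).hexdigest()

def verify_stream(skeleton, parts, trailer, key):
    """Receiver side: same single pass, then compare against the trailer."""
    try:
        expected = sign_trailer(skeleton, parts, key)
    except ValueError:
        return False
    return hmac.compare_digest(expected, trailer)

# Constructed sample message: two body parts arriving in chunks.
KEY = b"constructed-demo-key"
PARTS = [("header", [b"<wsa:To>", b"svc</wsa:To>"]), ("body", [b"<order>", b"42</order>"])]
SKELETON = manifest_skeleton(["header", "body"])
TRAILER = sign_trailer(SKELETON, PARTS, KEY)
```

The receiver rejects the message both when a part's bytes change and when the set of streamed parts differs from what the leading manifest declared, which is the check that keeps undeclared content from riding along unsigned.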
