- From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Date: Mon, 19 May 2008 16:11:44 +0200
- To: XMLSec <public-xmlsec-maintwg@w3.org>
- Message-ID: <48318AA0.10107@iaik.tugraz.at>

Dear all,

I'm sitting in a workshop about the problems when using Web Services and XMLDSIG, and it's all quite complicated ...

The main problem is that the data is not between the reference/transforms/algorithms and the DigestValue ... which has been well known for ages.

What I ask myself: Why don't people using XMLDSIG for WebServices put the signed data in between then?

i.e.: Put a ds:Manifest without DigestValues as the first child of the document element and use a ds:Signature at the end of the document (last child of the document element) that has a single ds:Reference with omitted URI, and specify that this is to reference this ds:Manifest at the beginning. Then define a transform that inlines the ds:DigestValues computed while streaming processing ....

Voila, ... Signed Streaming Webservices without headaches.

I'm looking forward to interesting discussions.

Konrad

Btw.: I would like to thank the people at the http://www.tu-ilmenau.de/fakmn/Programm.7151.0.html for trying to contest my idea. I would be very eager to know what our working group thinks about this idea. And does anyone know why SOAP makes its life so hard with security?

--
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm

Received on Monday, 19 May 2008 14:12:29 UTC
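
The layout proposed in the message, as an added example that is not part of the original post: a one-pass verifier that reads the digest-less manifest first, digests each part as it streams by, and checks the trailing signature against the manifest with the computed digests inlined. Assumptions: the un-namespaced element names (`Envelope`, `Manifest`, `Part`), SHA-256 over C14N 2.0, and an HMAC with a constructed key standing in for the real signature over ds:SignedInfo.

```python
import base64, hashlib, hmac, io
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key

def c14n_digest(elem) -> str:
    # Base64 SHA-256 of the element's C14N 2.0 serialization.
    data = ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def manifest_digest(uris, digests) -> str:
    # Hypothetical transform: inline the streamed digests, then digest the Manifest.
    m = ET.Element("Manifest")
    for uri in uris:
        ref = ET.SubElement(m, "Reference", URI=uri)
        ET.SubElement(ref, "DigestValue").text = digests[uri]
    return c14n_digest(m)

def mac(dv: str) -> str:
    return hmac.new(KEY, dv.encode(), "sha256").hexdigest()

def sign(parts: dict) -> bytes:
    # Manifest (no DigestValues) is the first child, Signature the last.
    env = ET.Element("Envelope")
    man = ET.SubElement(env, "Manifest")
    digests = {}
    for pid, text in parts.items():
        ET.SubElement(man, "Reference", URI="#" + pid)
        part = ET.SubElement(env, "Part", Id=pid)
        part.text = text
        digests["#" + pid] = c14n_digest(part)
    dv = manifest_digest(list(digests), digests)
    sig = ET.SubElement(env, "Signature")
    ET.SubElement(sig, "DigestValue").text = dv
    ET.SubElement(sig, "SignatureValue").text = mac(dv)
    return ET.tostring(env)

def verify_stream(doc: bytes) -> bool:
    # Single pass: references are known before the data, digests before the signature.
    uris, digests = [], {}
    for _, el in ET.iterparse(io.BytesIO(doc), events=("end",)):
        if el.tag == "Manifest":
            uris = [r.get("URI") for r in el]
        elif el.tag == "Part":
            digests["#" + el.get("Id")] = c14n_digest(el)
            el.clear()  # part content can be dropped once it is digested
        elif el.tag == "Signature" and set(uris) == set(digests):
            dv = manifest_digest(uris, digests)
            got = (el.findtext("DigestValue") or "", el.findtext("SignatureValue") or "")
            return hmac.compare_digest("|".join(got).encode(), f"{dv}|{mac(dv)}".encode())
    return False
```

Because the signature arrives last, a streaming consumer has already seen every part before `verify_stream` returns, so anything derived from the parts has to be held back until the result is known.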