- From: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>
- Date: 2 Mar 2010 17:47:04 +0100
- To: "XMLSec WG Public List" <public-xmlsec@w3.org>
Hi all, my name is Meiko Jensen (pronounced like Michael, but with "o" instead of "l"), I'm working at the Chair for Network and Data Security at the Ruhr-University Bochum (RUB) in Germany. By now I'm doing my Ph.D. thesis on the topic of security in service-oriented architectures, with a particular focus on applications of cryptology to Web Services. In this field, we lately published some papers on attacks against signed SOAP messages (mainly signature wrapping issues) and also on streamability and performance optimization of XML Signature and XML Encryption implementations. Hence, I'll try to support the ongoing efforts regarding stream-based application and verification of XML Signatures, and also try to provide solutions to the issues we discovered (e.g. the namespace injection stuff). Being too late for the 1.1 drafts (as far as I understood), I'll focus on the 2.0 versions of XML Signature and Canonical XML, and on the best practices documents. I hope to be helpful in terms of security analysis, providing best practices against attacks and misconfigurations. Potentially, we can also contribute basic reference implementations (being a university, we sometimes manage to attract clever students for doing their master thesis on such implementations. Maybe I can find one...). Best regards from Germany Meiko -- Dipl.-Inf. Meiko Jensen Chair for Network and Data Security Horst Görtz Institute for IT-Security Ruhr University Bochum, Germany _____________________________ Universitätsstr. 150, Geb. IC 4/150 D-44780 Bochum, Germany Phone: +49 (0) 234 / 32-26796 Telefax: +49 (0) 234 / 32-14347 http:// www.nds.rub.de
Received on Tuesday, 2 March 2010 16:47:36 UTC