Re: DSig2.0 examples V2.0 from Frederick.Hirsch@nokia.com on 2011-03-24 (public-xmlsec@w3.org from March 2011)

From: <Frederick.Hirsch@nokia.com>
Date: Thu, 24 Mar 2011 22:42:52 +0000
To: <Frederick.Hirsch@nokia.com>
CC: <Meiko.Jensen@ruhr-uni-bochum.de>, <public-xmlsec@w3.org>
Message-ID: <A0644DDF-57A5-412C-A97F-D11B10BD9BC0@nokia.com>

Here is added example using wsu:Id, a more natural example for SOAP. Changed semantics to sign entire SOAP body, also more natural.

Also fix for previous XPath example, to include wsu: declaration.

We probably should have a document based example for the xpath version. epub3 ?

regards, Frederick

Frederick Hirsch
Nokia



On Mar 24, 2011, at 6:06 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:

> Meiko, 
> 
> Thanks for creating an example.
> 
> I reviewed it and made the following changes, attached:
> 
> 1. WS-Security uses wsse:Security as the security element within the SOAP header, so changed to that from nrns:SecurityHeader
> 
> 2. Switched to using Security Token Reference from KeyValue to  binary security token (with DSA X509 cert).
> 
> 3. Added explicit ds: prefix to all xml security elements as is common in SOAP examples
> 
> 4. Added c14n2: prefix for C14N2 elements in two places.
> 
> 5. changed dsig2:Verification DigestDataLength to "32" to reflect SHA-256 output length. Not sure where 175 came from, but am probably missing something obvious right now.
> 
> 6. Changed soap body operation to be in the ex: namespace using example.com
> 
> Probably introduced an error but did not declare ex: namespace before soap:Body even though used in XPath. Will this be an error?
> 
> comment?
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> 
> 
> On Mar 16, 2011, at 9:11 AM, ext Meiko Jensen wrote:
> 
>> Dear all,
>> 
>> I found some time to reiterate my initial example for the DSig2.0
>> syntax. Again, I'm not claiming it to be complete nor correct, but
>> according to my understanding of what we specified so far, this is what
>> it should look like. Please note that for the sake of an example I
>> listed some c14n parameters even though they keep their default values
>> (and hence may also be omitted). I recommend developing a second example
>> for ID-based referencing, which should look somewhat similar, but for
>> now we at least should have something to start from.
>> 
>> cheers
>> 
>> Meiko
>> 
>> -- 
>> Dipl.-Inf. Meiko Jensen
>> Chair for Network and Data Security 
>> Horst Görtz Institute for IT-Security 
>> Ruhr University Bochum, Germany
>> _____________________________
>> Universitätsstr. 150, Geb. ID 2/411
>> D-44801 Bochum, Germany
>> Phone: +49 (0) 234 / 32-26796
>> Telefax: +49 (0) 234 / 32-14347
>> http:// www.nds.rub.de
>> 
>> <sig2example.txt>
> 
> <sig2example2.xml.txt>

Attachments

text/plain attachment: sig2example-id.xml.txt
text/plain attachment: sig2example2.xml.txt

Received on Thursday, 24 March 2011 22:43:29 UTC