- From: <Frederick.Hirsch@nokia.com>
- Date: Thu, 24 Mar 2011 22:42:52 +0000
- To: <Frederick.Hirsch@nokia.com>
- CC: <Meiko.Jensen@ruhr-uni-bochum.de>, <public-xmlsec@w3.org>
- Message-ID: <A0644DDF-57A5-412C-A97F-D11B10BD9BC0@nokia.com>
Here is an added example using wsu:Id, a more natural example for SOAP. Changed semantics to sign entire SOAP body, also more natural.

Also fix for previous XPath example, to include wsu: declaration.

We probably should have a document based example for the xpath version. epub3?

regards, Frederick

Frederick Hirsch
Nokia

On Mar 24, 2011, at 6:06 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:

> Meiko,
>
> Thanks for creating an example.
>
> I reviewed it and made the following changes, attached:
>
> 1. WS-Security uses wsse:Security as the security element within the SOAP header, so changed to that from nrns:SecurityHeader
>
> 2. Switched to using Security Token Reference from KeyValue to binary security token (with DSA X509 cert).
>
> 3. Added explicit ds: prefix to all xml security elements as is common in SOAP examples
>
> 4. Added c14n2: prefix for C14N2 elements in two places.
>
> 5. Changed dsig2:Verification DigestDataLength to "32" to reflect SHA-256 output length. Not sure where 175 came from, but am probably missing something obvious right now.
>
> 6. Changed soap body operation to be in the ex: namespace using example.com
>
> Probably introduced an error but did not declare ex: namespace before soap:Body even though used in XPath. Will this be an error?
>
> comment?
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> On Mar 16, 2011, at 9:11 AM, ext Meiko Jensen wrote:
>
>> Dear all,
>>
>> I found some time to reiterate my initial example for the DSig2.0
>> syntax. Again, I'm not claiming it to be complete nor correct, but
>> according to my understanding of what we specified so far, this is what
>> it should look like. Please note that for the sake of an example I
>> listed some c14n parameters even though they keep their default values
>> (and hence may also be omitted). I recommend developing a second example
>> for ID-based referencing, which should look somewhat similar, but for
>> now we at least should have something to start from.
>>
>> cheers
>>
>> Meiko
>>
>> --
>> Dipl.-Inf. Meiko Jensen
>> Chair for Network and Data Security
>> Horst Görtz Institute for IT-Security
>> Ruhr University Bochum, Germany
>> _____________________________
>> Universitätsstr. 150, Geb. ID 2/411
>> D-44801 Bochum, Germany
>> Phone: +49 (0) 234 / 32-26796
>> Telefax: +49 (0) 234 / 32-14347
>> http://www.nds.rub.de
>>
>> <sig2example.txt>
>
> <sig2example2.xml.txt>

Attachments
- text/plain attachment: sig2example-id.xml.txt
- text/plain attachment: sig2example2.xml.txt
Received on Thursday, 24 March 2011 22:43:29 UTC