Re: DSig2.0 examples V2.0

Here is an added example using wsu:Id, a more natural example for SOAP. Changed semantics to sign the entire SOAP body, also more natural.

Also fix for previous XPath example, to include wsu: declaration.

We probably should have a document-based example for the XPath version. EPUB3?

regards, Frederick

Frederick Hirsch
Nokia



On Mar 24, 2011, at 6:06 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:

> Meiko, 
> 
> Thanks for creating an example.
> 
> I reviewed it and made the following changes, attached:
> 
> 1. WS-Security uses wsse:Security as the security element within the SOAP header, so changed to that from nrns:SecurityHeader
> 
> 2. Switched to using Security Token Reference from KeyValue to binary security token (with DSA X509 cert).
> 
> 3. Added explicit ds: prefix to all xml security elements as is common in SOAP examples
> 
> 4. Added c14n2: prefix for C14N2 elements in two places.
> 
> 5. Changed dsig2:Verification DigestDataLength to "32" to reflect SHA-256 output length. Not sure where 175 came from, but am probably missing something obvious right now.
> 
> 6. Changed soap body operation to be in the ex: namespace using example.com
> 
> Probably introduced an error but did not declare ex: namespace before soap:Body even though used in XPath. Will this be an error?
> 
> comment?
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> 
> 
> On Mar 16, 2011, at 9:11 AM, ext Meiko Jensen wrote:
> 
>> Dear all,
>> 
>> I found some time to reiterate my initial example for the DSig2.0
>> syntax. Again, I'm not claiming it to be complete nor correct, but
>> according to my understanding of what we specified so far, this is what
>> it should look like. Please note that for the sake of an example I
>> listed some c14n parameters even though they keep their default values
>> (and hence may also be omitted). I recommend developing a second example
>> for ID-based referencing, which should look somewhat similar, but for
>> now we at least should have something to start from.
>> 
>> cheers
>> 
>> Meiko
>> 
>> -- 
>> Dipl.-Inf. Meiko Jensen
>> Chair for Network and Data Security 
>> Horst Görtz Institute for IT-Security 
>> Ruhr University Bochum, Germany
>> _____________________________
>> Universitätsstr. 150, Geb. ID 2/411
>> D-44801 Bochum, Germany
>> Phone: +49 (0) 234 / 32-26796
>> Telefax: +49 (0) 234 / 32-14347
>> http://www.nds.rub.de
>> 
>> <sig2example.txt>
> 
> <sig2example2.xml.txt>

Received on Thursday, 24 March 2011 22:43:29 UTC