Re: Comparing XML signatures

Abdul,
I may have misunderstood but here is my take on this:

  "One, to provide an identity to the clients from a specific domain"

Good use.  This would typically be SAML assertions.

   "Two, to authenticate the request coming into the web service."

Good use for any Web Service.

  "As we are still doubtful about the robustness of this architecture,"

This MAY be a problem.  Personally I think that you should
have strongly profiled versions of XML Signatures to achieve
interoperability.  To accept the full spec. is in my opinion asking
for problems.

  "we would like to know whether a service can
   compare two signatures in order to ensure the authenticity"

If the same data is signed, signatures using the same keys etc. should
be comparable, not on XML level, but on digest and signature values.
Here I don't fully understand what the application is.

Anders R

----- Original Message -----
From: "abdul khader" <abdul.khader@hotmail.com>
To: <w3c-ietf-xmldsig@w3.org>
Sent: Thursday, December 22, 2005 12:03
Subject: Comparing XML signatures



Hi,
While working through Web services security, we came across XML signatures
for data integrity. We have been reading and implementing it in the .Net
framework. We have been working with a design for web services security for
cross domain authentication and data confidentiality, in which we think that
an XML signature can be used for two other purposes too. One, to provide an
identity to the clients from a specific domain. Two, to authenticate the
request coming into the web service. As we are still doubtful about the
robustness of this architecture, we would like to know whether a service can
compare two signatures in order to ensure the authenticity and whether XML
signatures can really be used for this purpose or if not what would be the
alternative.
Thanks in advance for any help.

Best Regards,
Abdul.


Received on Thursday, 22 December 2005 19:58:39 UTC
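
The comparison suggested in the reply above (on digest and signature values, not on XML level), as an added example that is not part of the original thread. It assumes a deterministic signature algorithm such as RSA PKCS#1 v1.5, only compares values and does not verify them, and all function names and sample values are constructed for illustration.

```python
import base64
import hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def _b64(elem):
    # Base64 content may be line-wrapped; strip all whitespace before decoding.
    return base64.b64decode("".join((elem.text or "").split()))

def signature_values(xml_text):
    """Return ([DigestValue bytes, ...], SignatureValue bytes) of the first ds:Signature."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == DS + "Signature" else root.find(".//" + DS + "Signature")
    if sig is None:
        raise ValueError("no ds:Signature element")
    # Only digests inside SignedInfo are covered by the signature value.
    path = "/".join(DS + n for n in ("SignedInfo", "Reference", "DigestValue"))
    digests = [_b64(d) for d in sig.findall(path)]
    value = sig.find(DS + "SignatureValue")
    if value is None or not digests:
        raise ValueError("incomplete ds:Signature")
    return digests, _b64(value)

def same_signature(xml_a, xml_b):
    """Compare two signatures on digest and signature values, not on XML text."""
    digests_a, value_a = signature_values(xml_a)
    digests_b, value_b = signature_values(xml_b)
    if len(digests_a) != len(digests_b):
        return False
    equal = hmac.compare_digest(value_a, value_b)
    for a, b in zip(digests_a, digests_b):
        equal &= hmac.compare_digest(a, b)
    return equal

# Constructed sample values (not real digests or signatures).
DIGEST = base64.b64encode(bytes(range(20))).decode()
SIGVAL = base64.b64encode(bytes(range(64))).decode()
SIG_A = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
         f'<Reference URI=""><DigestValue>{DIGEST}</DigestValue></Reference>'
         f'</SignedInfo><SignatureValue>{SIGVAL}</SignatureValue></Signature>')
# Same values, different serialization: ds: prefix, indentation, wrapped base64.
SIG_B = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">\n'
         ' <ds:SignedInfo>\n  <ds:Reference URI="">\n'
         f'   <ds:DigestValue>{DIGEST}</ds:DigestValue>\n  </ds:Reference>\n'
         f' </ds:SignedInfo>\n <ds:SignatureValue>{SIGVAL[:40]}\n{SIGVAL[40:]}'
         '</ds:SignatureValue>\n</ds:Signature>')
SIG_C = SIG_A.replace(DIGEST, base64.b64encode(bytes(20)).decode())
```

`SIG_A` and `SIG_B` differ as XML text yet compare equal on their values, while `SIG_C` carries a different digest and does not.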