RE: SOAP-DSIG and OASIS WSS Soap message security

That'll teach me to answer e-mail late on a Sunday....
 
I think it's safe to say that OASIS WSS (including XMLDSIG) supercedes
the SOAPDSIG spec. So your SOAP messages would look something like this
( namespace decls omitted for brevity ):
 
<s:Envelope>
 <s:Header>
  <wss:Security>
    . . .
    <ds:Signature>
    . . .
    </ds:Signature>
  </wss:Security>
 </s:Header>
 <s:Body>
  . . .
 </s:Body>
</s:Envelope>
 
Cheers
 
Gudge


________________________________

	From: Juneja, Manoj [mailto:manoj.juneja@intel.com] 
	Sent: 09 May 2004 22:26
	To: Martin Gudgin; xml-dist-app@w3.org
	Subject: RE: SOAP-DSIG and OASIS WSS Soap message security
	
	

	Hi Martin,

	               Thanks for the quick response. My question was
related to SOAP-DSIG note from W3C
(http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/
<http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/> ). I am assuming in
your response below, XML-DSIG means the XML DSIG specification from W3C
and IETF. 

	Assuming that I have to make use of XML signature in SOAP
messages then what specification should I use? Should I include XML DSIG
tags in wsse:Security (OASIS WSS) headers or SOAP:SEC (SOAP DSIG) kind
of headers? I think Microsoft and IBM are the main contributors to both
of these specs (OASIS WSS and SOAP-DSIG).

	To answer your question related to toolkit, we are at very
pre-mature stage and just looking at some technology specific details
only. The question related to using/building toolkit will come at some
later stage. 

	 

	Regards,

	Manoj.

	 

	 

	 

	
________________________________


	From: Martin Gudgin [mailto:mgudgin@microsoft.com] 
	Sent: Sunday, May 09, 2004 1:35 PM
	To: Juneja, Manoj; xml-dist-app@w3.org
	Subject: RE: SOAP-DSIG and OASIS WSS Soap message security

	 

	Manoj,

	 

	The OASIS WSS spec provides a framework for securing SOAP
messages. This framework is based on the notion of security tokens and
the XMLDSIG and XMLENC specs. You should find that the signatures
specified by the OASIS WSS spec are perfectly valid per the XMLDSIG
spec. There are several implementations of OASIS WSS ( including the
XMLDSIG and XMLENC bits ). Are you trying to talk to a particular
vendors toolkit? Or are you building your own?

	 

	Martin

		 

		
________________________________


		From: xml-dist-app-request@w3.org
[mailto:xml-dist-app-request@w3.org] On Behalf Of Juneja, Manoj
		Sent: 08 May 2004 00:31
		To: xml-dist-app@w3.org
		Subject: SOAP-DSIG and OASIS WSS Soap message security

		Hi All,

		        Can someone on this list explain me how the
SOAP-DSIG specification
(http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/) relate to the OASIS
WSS SOAP Message Security 1.0 specification? If I have to make use of
XML signature tags in my SOAP envelope then what specification should I
follow?

		 

		Thanks for the help.

		 

		Regards,

		manoj.

Received on Sunday, 9 May 2004 17:58:05 UTC