- From: Eugene Kuznetsov <eugene@datapower.com>
- Date: Sun, 9 May 2004 22:35:40 -0400
- To: "'Juneja, Manoj'" <manoj.juneja@intel.com>, <xml-dist-app@w3.org>
SOAP-DSIG was there before WS-Sec, and while still successfully used by many in production, it is being increasingly replaced by WS-Security drafts. If your goal is to accept a wide variety of signed messages from different partners, you may need to support both. If you are building a new app, you probably want WS-Security. If you have a specific service you're connecting with, find out what they are using -- surprisingly, you may find it's neither WS-Security nor SOAP-Sec! Whatever the case, consider whether you really want to write it all yourself, even on top of a toolkit. There are plenty of vendors (<plug>DataPower included</plug>) who are obsessively working on security, interoperability and performance of XML-DSIG and XML-ENC implementations. \\ Eugene Kuznetsov : eugene@datapower.com \\ DataPower Technology, Inc. : Web Services security \\ http://www.datapower.com : XS40 XML Security Gateway ________________________________ From: xml-dist-app-request@w3.org [mailto:xml-dist-app-request@w3.org] On Behalf Of Juneja, Manoj Sent: Friday, May 07, 2004 7:31 PM To: xml-dist-app@w3.org Subject: SOAP-DSIG and OASIS WSS Soap message security Hi All, Can someone on this list explain me how the SOAP-DSIG specification (http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/) relate to the OASIS WSS SOAP Message Security 1.0 specification? If I have to make use of XML signature tags in my SOAP envelope then what specification should I follow? Thanks for the help. Regards, manoj.
Received on Sunday, 9 May 2004 22:38:58 UTC