RE: SOAP-DSIG and OASIS WSS Soap message security from Anne Thomas Manes on 2004-05-10 (xml-dist-app@w3.org from May 2004)

From: Anne Thomas Manes <anne@manes.net>
Date: Mon, 10 May 2004 13:07:40 -0400
To: "'Eugene Kuznetsov'" <eugene@datapower.com>, "'Juneja, Manoj'" <manoj.juneja@intel.com>, <xml-dist-app@w3.org>
Message-Id: <20040510172037.49CE3A4D04@frink.w3.org>

Note that SOAP-DSIG has no formal standing (it's a W3C Note -- not a
Recommendation or even a Working Draft).

OASIS WSS SOAP Message Security is a formal OASIS Standard.

You should use OASIS WSS. There are about 2 dozen products that have or are
in the process of implementing OASIS WSS. Most vendors have committed to
supporting OASIS WSS by mid year.

Anne

-----Original Message-----
From: xml-dist-app-request@w3.org [mailto:xml-dist-app-request@w3.org] On
Behalf Of Eugene Kuznetsov
Sent: Sunday, May 09, 2004 10:36 PM
To: 'Juneja, Manoj'; xml-dist-app@w3.org
Subject: RE: SOAP-DSIG and OASIS WSS Soap message security


 	SOAP-DSIG was there before WS-Sec, and while still successfully used
by many in production, it is being increasingly replaced by WS-Security
drafts. If your goal is to accept a wide variety of signed messages from
different partners, you may need to support both. If you are building a new
app, you probably want WS-Security. If you have a specific service you're
connecting with, find out what they are using -- surprisingly, you may find
it's neither WS-Security nor SOAP-Sec! 
	Whatever the case, consider whether you really want to write it all
yourself, even on top of a toolkit. There are plenty of vendors
(<plug>DataPower included</plug>) who are obsessively working on security,
interoperability and performance of XML-DSIG and XML-ENC implementations. 
 

\\ Eugene Kuznetsov                  : eugene@datapower.com
\\ DataPower Technology, Inc.        : Web Services security
\\ http://www.datapower.com          : XS40 XML Security Gateway

 


________________________________

	From: xml-dist-app-request@w3.org
[mailto:xml-dist-app-request@w3.org] On Behalf Of Juneja, Manoj
	Sent: Friday, May 07, 2004 7:31 PM
	To: xml-dist-app@w3.org
	Subject: SOAP-DSIG and OASIS WSS Soap message security
	
	

	Hi All,

	        Can someone on this list explain me how the SOAP-DSIG
specification (http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/) relate to
the OASIS WSS SOAP Message Security 1.0 specification? If I have to make use
of XML signature tags in my SOAP envelope then what specification should I
follow?

	 

	Thanks for the help.

	 

	Regards,

	manoj.

Received on Monday, 10 May 2004 13:20:39 UTC