RE: SOAP-DSIG and OASIS WSS Soap message security from Juneja, Manoj on 2004-05-09 (xml-dist-app@w3.org from May 2004)

From: Juneja, Manoj <manoj.juneja@intel.com>
Date: Sun, 9 May 2004 17:29:02 -0400 (EDT)
To: "Martin Gudgin" <mgudgin@microsoft.com>, <xml-dist-app@w3.org>
Message-ID: <A06801158AE07847B27A52C1A074BC1D0535E823@fmsmsx404.fm.intel.com>

Hi Martin,

               Thanks for the quick response. My question was related to
SOAP-DSIG note from W3C
(http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/
<http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/> ). I am assuming in
your response below, XML-DSIG means the XML DSIG specification from W3C
and IETF. 

Assuming that I have to make use of XML signature in SOAP messages then
what specification should I use? Should I include XML DSIG tags in
wsse:Security (OASIS WSS) headers or SOAP:SEC (SOAP DSIG) kind of
headers? I think Microsoft and IBM are the main contributors to both of
these specs (OASIS WSS and SOAP-DSIG).

To answer your question related to toolkit, we are at very pre-mature
stage and just looking at some technology specific details only. The
question related to using/building toolkit will come at some later
stage. 

 

Regards,

Manoj.

 

 

 

  _____  

From: Martin Gudgin [mailto:mgudgin@microsoft.com] 
Sent: Sunday, May 09, 2004 1:35 PM
To: Juneja, Manoj; xml-dist-app@w3.org
Subject: RE: SOAP-DSIG and OASIS WSS Soap message security

 

Manoj,

 

The OASIS WSS spec provides a framework for securing SOAP messages. This
framework is based on the notion of security tokens and the XMLDSIG and
XMLENC specs. You should find that the signatures specified by the OASIS
WSS spec are perfectly valid per the XMLDSIG spec. There are several
implementations of OASIS WSS ( including the XMLDSIG and XMLENC bits ).
Are you trying to talk to a particular vendors toolkit? Or are you
building your own?

 

Martin

	 

	
  _____  


	From: xml-dist-app-request@w3.org
[mailto:xml-dist-app-request@w3.org] On Behalf Of Juneja, Manoj
	Sent: 08 May 2004 00:31
	To: xml-dist-app@w3.org
	Subject: SOAP-DSIG and OASIS WSS Soap message security

	Hi All,

	        Can someone on this list explain me how the SOAP-DSIG
specification (http://www.w3.org/TR/2001/NOTE-SOAP-dsig-20010206/)
relate to the OASIS WSS SOAP Message Security 1.0 specification? If I
have to make use of XML signature tags in my SOAP envelope then what
specification should I follow?

	 

	Thanks for the help.

	 

	Regards,

	manoj.

Received on Monday, 10 May 2004 23:57:47 UTC