Posted to dev@santuario.apache.org by Davanum Srinivas <di...@yahoo.com> on 2003/12/10 13:37:33 UTC

Need (Fwd: WSS4J and interoperability)

Security-dev folks,

Can someone help us with the following? See email at the end for more info.

- To implement the interop scenarios we need some enhancements
  to XMLCipher (or at least the API Javadoc) to support
  the required Content encryption (currently Element encryption
  is performed).
 
- To support scenario#4 XMLCipher needs to support the KeyInfo
  mechanism to get an external key (or it needs a method where
  a KeyName - KeyValue pair can be set).

- To support scenario#7 we need to have the SignatureTokenReference
  transform (STR-Transform). Currently there is no such
  support in xmlsec Signature.

Thanks,
dims

--- Dittmann Werner <we...@siemens.com> wrote:
> From: Dittmann Werner <we...@siemens.com>
> To: "'Davanum Srinivas'" <di...@yahoo.com>
> CC: wss4j-devel@lists.sourceforge.net
> Subject: WSS4J and interoperability
> Date: Wed, 10 Dec 2003 10:56:13 +0100
> 
> Dims, all
> 
> after a first check of the interop documents I'm pretty
> sure that we can do most of the scenarios. However,
> some more flexibility and control of the security actions
> to be performed need to be built into the Axis handlers and
> the WSS4J methods. As far as I can see, this could be done
> without breaking the overall structure of the current
> implementation. Also changes to existing interfaces would
> be minimal or even zero.
> 
> However, we need some support and enhancements from our
> beloved XML Security friends:
> 
> - To implement the interop scenarios we need some enhancements
>   to XMLCipher (or at least the API Javadoc) to support
>   the required Content encryption (currently Element encryption
>   is performed).
> 
> - To support scenario#4 XMLCipher needs to support the KeyInfo
>   mechanism to get an external key (or it needs a method where
>   a KeyName - KeyValue pair can be set).
> 
> - To support scenario#7 we need to have the SignatureTokenReference
>   transform (STR-Transform). Currently there is no such
>   support in xmlsec Signature.
> 
> And here are comments to the WSS Interop documents:
> 
> - In scenario#3 the Timestamp is the first child element in the 
>   Security header, i.e. was inserted last. All other scenarios
>   that use a Timestamp inserted it first, i.e. it is the last
>   child element. I would opt to have it _always_ as the last
>   child element (inserted first). This way we can easily include
>   the Timestamp in other calculations, e.g. Signature, if required.
> 
> - Example in Scenario#4 uses a KeyInfo (lines 297-299 and 411-413) 
>   structure and puts it into the encoding (xenc) namespace. IMO
>   this shall be the Signature (ds) namespace (Encryption reuses 
>   the keyinfo and uses its extension feature, but does not 
>   define it again)
> 
> Dims, because you are active in both groups: can you forward these
> questions/comments to XML-security and OASIS WSS respectively? Would
> help a lot, thanks. Btw, the xmlsec mailing is very quiet - is it
> out of order?
> 
> Regards
> Werner


=====
Davanum Srinivas - http://webservices.apache.org/~dims/
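
Added example, not part of the original messages and not WSS4J or xmlsec code: a small Python check that reports, for each XML Encryption structure in a message, whether Element or Content encryption was applied (the `Type` attribute) and whether its `KeyInfo` child sits in the `ds` namespace, the two document-level points raised in the thread. The sample document and the function names `split` and `audit` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample, not taken from the interop documents. The EncryptedKey
# wrongly places KeyInfo in the xenc namespace; the EncryptedData uses ds.
SAMPLE = f"""<Security xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptedKey>
    <xenc:KeyInfo><ds:KeyName>constructed-key</ds:KeyName></xenc:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
  <xenc:EncryptedData Type="{XENC}Content">
    <ds:KeyInfo><ds:KeyName>constructed-key</ds:KeyName></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</Security>"""


def split(tag):
    """Split ElementTree's '{namespace}local' tag form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def audit(xml_text):
    """Return one finding per xenc:EncryptedData / xenc:EncryptedKey element."""
    # ElementTree is fine for trusted fixtures; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        ns, local = split(el.tag)
        if ns != XENC or local not in ("EncryptedData", "EncryptedKey"):
            continue
        # Type is ...xmlenc#Element or ...xmlenc#Content; it is optional.
        type_uri = el.get("Type", "")
        granularity = type_uri[len(XENC):] if type_uri.startswith(XENC) else None
        # KeyInfo is a direct child of the encrypted structure.
        keyinfo_ns = [split(c.tag)[0] for c in el if split(c.tag)[1] == "KeyInfo"]
        findings.append({"structure": local, "granularity": granularity,
                         "keyinfo_ns": keyinfo_ns,
                         "keyinfo_ok": all(k == DS for k in keyinfo_ns)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```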