Security-dev folks,

Can someone help us with the following? See email at the end for more info.

- To implement the interop scenarios we need some enhancements to XMLCipher (or at least the API Javadoc) to support the required Content encryption (currently Element encryption is performed).
- To support scenario#4 XMLCipher needs to support the KeyInfo mechanism to get an external key (or it needs a method where a KeyName - KeyValue pair can be set).
- To support scenario#7 we need to have the SignatureTokenReference transform (STR-Transform). Currently there is no such support in xmlsec Signature.

Thanks,
dims

--- Dittmann Werner <[EMAIL PROTECTED]> wrote:
> From: Dittmann Werner <[EMAIL PROTECTED]>
> To: "'Davanum Srinivas'" <[EMAIL PROTECTED]>
> CC: [EMAIL PROTECTED]
> Subject: WSS4J and interoperability
> Date: Wed, 10 Dec 2003 10:56:13 +0100
>
> Dims, all
>
> after a first check of the interop documents I'm pretty
> sure that we can do most of the scenarios. However,
> some more flexibility and control of the security actions
> to be performed need to be built into the Axis handlers and
> the WSS4J methods. As far as I can see, this could be done
> without breaking the overall structure of the current
> implementation. Also changes to existing interfaces would
> be minimal or even zero.
>
> However, we need some support and enhancements from our
> beloved XML Security friends:
>
> - To implement the interop scenarios we need some enhancements
>   to XMLCipher (or at least the API Javadoc) to support
>   the required Content encryption (currently Element encryption
>   is performed).
>
> - To support scenario#4 XMLCipher needs to support the KeyInfo
>   mechanism to get an external key (or it needs a method where
>   a KeyName - KeyValue pair can be set).
>
> - To support scenario#7 we need to have the SignatureTokenReference
>   transform (STR-Transform). Currently there is no such
>   support in xmlsec Signature.
>
> And here are comments to the WSS Interop documents:
>
> - In scenario#3 the Timestamp is the first child element in the
>   Security header, i.e. was inserted last. All other scenarios
>   that use a Timestamp inserted it first, i.e. it is the last
>   child element. I would opt to have it _always_ as the last
>   child element (inserted first). This way we can easily include
>   the Timestamp in other calculations, e.g. Signature, if required.
>
> - Example in Scenario#4 uses a KeyInfo (lines 297-299 and 411-413)
>   structure and puts it into the encoding (xenc) namespace. IMO
>   this shall be the Signature (ds) namespace (Encryption reuses
>   the keyinfo and uses its extension feature, but does not
>   define it again)
>
> Dims, because you are active in both groups: can you forward these
> questions/comments to XML-security and OASIS WSS respectively? Would
> help a lot, thanks. Btw, the xmlsec mailing is very quiet - is it
> out of order?
>
> Regards
> Werner

=====
Davanum Srinivas - http://webservices.apache.org/~dims/
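
The two comments on the interop documents in the quoted message (where the Timestamp sits in the Security header, and KeyInfo belonging to the ds namespace rather than xenc) can be checked mechanically. The following is an added example, not part of the original thread and not WSS4J or xmlsec code; the sample header and its wsse/wsu namespace URIs are constructed placeholders, and elements are matched by local name.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
XENC_NS = "http://www.w3.org/2001/04/xmlenc#"

# Constructed sample header: Timestamp first, and one KeyInfo wrongly placed in xenc.
SAMPLE = """<wsse:Security xmlns:wsse="urn:example:wsse" xmlns:wsu="urn:example:wsu"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <wsu:Timestamp><wsu:Created>2003-12-10T09:56:13Z</wsu:Created></wsu:Timestamp>
  <xenc:EncryptedKey>
    <xenc:KeyInfo><ds:KeyName>constructed-key</ds:KeyName></xenc:KeyInfo>
  </xenc:EncryptedKey>
  <ds:Signature><ds:KeyInfo><ds:KeyName>constructed-key</ds:KeyName></ds:KeyInfo></ds:Signature>
</wsse:Security>"""

def split_tag(tag):
    """Return (namespace, local name) for an ElementTree tag."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def misplaced_keyinfo(root):
    """List (parent local name, namespace) for each KeyInfo outside the ds namespace."""
    findings = []
    for parent in root.iter():
        for child in parent:
            ns, local = split_tag(child.tag)
            if local == "KeyInfo" and ns != DS_NS:
                findings.append((split_tag(parent.tag)[1], ns))
    return findings

def timestamp_position(root):
    """Report where Timestamp sits among the children of the Security header."""
    for elem in root.iter():
        if split_tag(elem.tag)[1] == "Security":
            names = [split_tag(c.tag)[1] for c in elem]
            if "Timestamp" not in names:
                return "absent"
            idx = names.index("Timestamp")
            if idx == len(names) - 1:
                return "last"
            return "first" if idx == 0 else "middle"
    return "no Security header"

def lint_header(xml_text):
    # For untrusted input, parse with a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(xml_text)
    return {"keyinfo": misplaced_keyinfo(root), "timestamp": timestamp_position(root)}

if __name__ == "__main__":
    print(lint_header(SAMPLE))
```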