ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Clement <nathan.a.clem...@hotmail.com>
Subject RE: WSS4J: Local id attribute and Signature References
Date Tue, 23 Jul 2013 22:46:11 GMT
Hi Colm,

Thanks very much for your assistance.

Nathan

Date: Tue, 23 Jul 2013 14:08:51 +0100
Subject: Re: WSS4J: Local id attribute and Signature References
From: coheigea@apache.org
To: dev@ws.apache.org


The spec does not require that anything apart from wsu:Id be supported. At least, that's my
reading of it.

Colm.


On Tue, Jul 23, 2013 at 1:53 PM, Nathan Clement <nathan.a.clement@hotmail.com> wrote:


Hi Colm, Thanks for your reply.  I’m interested in your interpretation of the WS-Security
spec.  Does the spec require that implementations support looking up references by local id,
xml:id and wsu:Id, or is support only required for wsu:Id?  If it’s the latter, I might
be able to convince the other party that no changes need to be made at my end 😊
 Thanks, Nathan Sent from Windows Mail 
From: Colm O hEigeartaigh

Sent: ‎Tuesday‎, ‎23‎ ‎July‎ ‎2013 ‎6‎:‎51‎ ‎PM
To: dev@ws.apache.org 
WSS4J does not support looking up references by xml:id. Again, you need to implement your
own CallbackLookup implementation to support this scenario.


Colm.



On Mon, Jul 22, 2013 at 11:59 PM, Nathan Clement <nathan.a.clement@hotmail.com> wrote:





Hi Colm,

Thanks very much for your response.  Does WSS4J support looking up references by xml:id? 
I'm confused reading the spec as to whether WS-Security requires support for looking up references
by xml:id and local id.  From your response, I'm guessing that the spec only requires support
for wsu:Id?



Thanks,

Nathan

Date: Mon, 22 Jul 2013 16:11:13 +0100
Subject: Re: WSS4J: Local id attribute and Signature References
From: coheigea@apache.org


To: dev@ws.apache.org

Hi Nathan,

I guess this is the kind of scenario that you should plug in your own CallbackLookup implementation.
You can set one on the WSSecurityEngine implementation used as the starting point for WS-Security
processing.




Colm.


On Fri, Jul 19, 2013 at 1:37 AM, Nathan Clement <nathan.a.clement@hotmail.com> wrote:









Hi,

The WS-Security spec says in section 4 "ID References":

However, because some key schemas used by this specification don't allow attribute extensibility
(namely XML Signature and XML Encryption), this specification also allows use of their local
ID attributes in addition to the wsu:Id attribute and the xml:id attribute [XMLID]




We are attempting to process an AS4 message, and the AS4 spec (http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/os/AS4-profile-v1.0-os.html)
says in section 5.1.4 regarding the signature reference for the eb:Messaging header:




The eb:Messaging header SHOULD be referenced using the “id”
  attribute.

WSS4J doesn't seem to support looking up referenced elements by a local id attribute.  DOMCallbackLookup
calls WSSecurityUtil.findElementById which only looks for wsu:Id or Id (with a capital I)
with no namespace.




Should WSS4J allow lookup of a signed element by local id attribute?

i.e.

<eb:Messaging s:mustUnderstand="true" id="ebms_header" ...

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">



  <ds:SignedInfo>
    <ds:Reference URI="#ebms_header">

Thanks,

Nathan

 		 	   		  


-- 
Colm O hEigeartaigh

Talend Community Coder


http://coders.talend.com
 		 	   		  



-- 
Colm O hEigeartaigh

Talend Community Coder

http://coders.talend.com



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
 		 	   		  
Mime
View raw message