ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: WSS4J: Local id attribute and Signature References
Date Tue, 23 Jul 2013 13:08:51 GMT
The spec does not require that anything apart from wsu:Id be supported. At
least, that's my reading of it.

Colm.


On Tue, Jul 23, 2013 at 1:53 PM, Nathan Clement <
nathan.a.clement@hotmail.com> wrote:

> Hi Colm,
>
> Thanks for your reply.  Iโ€™m interested in your interpretation of the
> WS-Security spec.  Does the spec require that implementations support
> looking up references by local id, xml:id and wsu:Id, or is support only
> required for wsu:Id?  If itโ€™s the latter, I might be able to convince the
> other party that no changes need to be made at my end ๐Ÿ˜Š
>
> Thanks,
>
> Nathan
>
> Sent from Windows Mail
>
> *From:* Colm O hEigeartaigh
> *Sent:* โ€ŽTuesdayโ€Ž, โ€Ž23โ€Ž โ€ŽJulyโ€Ž โ€Ž2013 โ€Ž6โ€Ž:โ€Ž51โ€Ž โ€ŽPM
> *To:* dev@ws.apache.org
>
>
> WSS4J does not support looking up references by xml:id. Again, you need to
> implement your own CallbackLookup implementation to support this scenario.
>
> Colm.
>
>
> On Mon, Jul 22, 2013 at 11:59 PM, Nathan Clement <
> nathan.a.clement@hotmail.com> wrote:
>
>> Hi Colm,
>>
>> Thanks very much for your response.  Does WSS4J support looking up
>> references by xml:id?  I'm confused reading the spec as to whether
>> WS-Security requires support for looking up references by xml:id and local
>> id.  From your response, I'm guessing that the spec only requires support
>> for wsu:Id?
>>
>> Thanks,
>>
>> Nathan
>>
>> ------------------------------
>> Date: Mon, 22 Jul 2013 16:11:13 +0100
>> Subject: Re: WSS4J: Local id attribute and Signature References
>> From: coheigea@apache.org
>> To: dev@ws.apache.org
>>
>> Hi Nathan,
>>
>> I guess this is the kind of scenario that you should plug in your own
>> CallbackLookup implementation. You can set one on the WSSecurityEngine
>> implementation used as the starting point for WS-Security processing.
>>
>> Colm.
>>
>>
>> On Fri, Jul 19, 2013 at 1:37 AM, Nathan Clement <
>> nathan.a.clement@hotmail.com> wrote:
>>
>>  Hi,
>>
>> The WS-Security spec says in section 4 "ID References":
>>
>> *However, because some key schemas used by this specification don't
>> allow attribute extensibility (namely XML Signature and XML Encryption),
>> this specification also allows use of their local ID attributes in addition
>> to the wsu:Id attribute and the xml:id attribute [XMLID]*
>>
>> We are attempting to process an AS4 message, and the AS4 spec (
>> http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/os/AS4-profile-v1.0-os.html)
>> says in section 5.1.4 regarding the signature reference for the
>> eb:Messaging header:
>>
>> *The eb:Messaging header SHOULD be referenced using the โ€œidโ€ attribute.*
>>
>> WSS4J doesn't seem to support looking up referenced elements by a local
>> id attribute.  DOMCallbackLookup calls WSSecurityUtil.findElementById which
>> only looks for wsu:Id or Id (with a capital I) with no namespace.
>>
>> Should WSS4J allow lookup of a signed element by local id attribute?
>>
>> i.e.
>>
>> <eb:Messaging s:mustUnderstand="true" id="ebms_header" ...
>>
>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>   <ds:SignedInfo>
>>     <ds:Reference URI="#ebms_header">
>>
>> Thanks,
>>
>> Nathan
>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message