Hi Colm,

Thanks very much for your assistance.

Nathan


Date: Tue, 23 Jul 2013 14:08:51 +0100
Subject: Re: WSS4J: Local id attribute and Signature References
From: coheigea@apache.org
To: dev@ws.apache.org


The spec does not require that anything apart from wsu:Id be supported. At least, that's my reading of it.

Colm.


On Tue, Jul 23, 2013 at 1:53 PM, Nathan Clement <nathan.a.clement@hotmail.com> wrote:
Hi Colm,
 
Thanks for your reply.  I’m interested in your interpretation of the WS-Security spec.  Does the spec require that implementations support looking up references by local id, xml:id and wsu:Id, or is support only required for wsu:Id?  If it’s the latter, I might be able to convince the other party that no changes need to be made at my end Smiling face with smiling eyes
 
Thanks,
 
Nathan
 
Sent from Windows Mail
 
From: Colm O hEigeartaigh
Sent: ‎Tuesday‎, ‎23‎ ‎July‎ ‎2013 ‎6‎:‎51‎ ‎PM
To: dev@ws.apache.org
 

WSS4J does not support looking up references by xml:id. Again, you need to implement your own CallbackLookup implementation to support this scenario.

Colm.


On Mon, Jul 22, 2013 at 11:59 PM, Nathan Clement <nathan.a.clement@hotmail.com> wrote:
Hi Colm,

Thanks very much for your response.  Does WSS4J support looking up references by xml:id?  I'm confused reading the spec as to whether WS-Security requires support for looking up references by xml:id and local id.  From your response, I'm guessing that the spec only requires support for wsu:Id?

Thanks,

Nathan


Date: Mon, 22 Jul 2013 16:11:13 +0100
Subject: Re: WSS4J: Local id attribute and Signature References
From: coheigea@apache.org
To: dev@ws.apache.org

Hi Nathan,

I guess this is the kind of scenario that you should plug in your own CallbackLookup implementation. You can set one on the WSSecurityEngine implementation used as the starting point for WS-Security processing.

Colm.


On Fri, Jul 19, 2013 at 1:37 AM, Nathan Clement <nathan.a.clement@hotmail.com> wrote:
Hi,

The WS-Security spec says in section 4 "ID References":

However, because some key schemas used by this specification don't allow attribute extensibility (namely XML Signature and XML Encryption), this specification also allows use of their local ID attributes in addition to the wsu:Id attribute and the xml:id attribute [XMLID]

We are attempting to process an AS4 message, and the AS4 spec (http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/os/AS4-profile-v1.0-os.html) says in section 5.1.4 regarding the signature reference for the eb:Messaging header:

The eb:Messaging header SHOULD be referenced using the “id” attribute.

WSS4J doesn't seem to support looking up referenced elements by a local id attribute.  DOMCallbackLookup calls WSSecurityUtil.findElementById which only looks for wsu:Id or Id (with a capital I) with no namespace.

Should WSS4J allow lookup of a signed element by local id attribute?

i.e.

<eb:Messaging s:mustUnderstand="true" id="ebms_header" ...

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:Reference URI="#ebms_header">

Thanks,

Nathan



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com