[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: sorry....forgot a few things.....
Firstly the use of XMLSignature is a question of when not if. We should use it sooner rather than later if we can assume that: 1. The spec is final and won't change, and 2. Production quality interoperable solutions are available that can be used by developers The issue then becomes is do we still need to support MIME ... I honestly don't know the answer to that one. Secondly Chris talks about us being neutral about what you sign in the payload. I agree, however we should specify for interoparability reasons: 1. Where in the message structure a "message level" signature goes, and 2. How to identify, construct, locate and validate it A "message level" signature is one which binds together the various parts of an ebXML Message (header, payload, even transport maybe. My $0.02c ... David -----Original Message----- From: Christopher Ferris [mailto:chris.ferris@east.sun.com] Sent: Tuesday, November 28, 2000 7:42 PM To: yanqin xu; ebxml-ta-security@lists.ebxml.org Subject: Re: sorry....forgot a few things..... Jenny, IBM has an XMLSignature package available through their alphaworks website: http://alphaworks.ibm.com/tech/xmlsecuritysuite I have actually been exploring the possibilities for use of DSig to sign the ebXML headers and payload for that matter. As to your first question: Our objective is to keep the signing agnostic and independent of any specific transport (keeping in mind that ebXML TR&P Message Service itself is not specific to any particular transport). As to your second query, I'm not sure that I understand the nature of your question. Are you suggesting that certain elements of the payload might be signed using a different algorithm and/or certificate than others? What am I missing? Cheers, Chris yanqin xu wrote: > > Hi, Maryann, > > I don't know if we can put the following two items into our future > discussion agenda, if there is no time for it in the Boston f2f meeting: > > [1] Digital signing and certification in message level or header level are > ebXML specific. How will this impact the interoperability between ebXML and > any other transport standard in the future? How will this impact the > conformance between any other standard and ebXML? > > [2] Can we think about special signature and certificate for some elements > that require more securities, for example, catalog item price, purchase > order price, bank transaction amount, or invoice "total" amount? > > Except these, I have a question to ask everybody in the team. That is, > > Does anybody know if there are APIs that can handle XML document element > level digital signature and certificates? If there are such APIs, please let > me know where I can find it. > > Thanks. > > Regards, > > Jenny Xu > > >From: Maryann Hondo <mhondo@us.ibm.com> > >To: ebxml-ta-security@lists.ebxml.org > >Subject: sorry....forgot a few things..... > >Date: Tue, 28 Nov 2000 15:28:57 -0500 > > > >One, the requirements, > > > >(See attached file: Security Requirements for TRP.doc) > > > > > >Two, > > > >we need to put Farrukh's proposal on the agenda..... > > > > > >Three, > > > >we need to approve the glossary > >(See attached file: glossary-proposal.doc) > > > > > >(maybe we should order dinner in) > ><< SecurityRequirementsforTRP.doc >> > ><< glossary-proposal.doc >> > > ____________________________________________________________________________ _________ > Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com -- Christopher Ferris _/_/_/_/ _/ _/ _/ _/ Sr Staff Engineer - XTC Advanced Development _/ _/ _/ _/_/ _/ Phone: 781-442-3063 or x23063 _/_/_/_/ _/ _/ _/ _/ _/ Email: chris.ferris@East.Sun.COM _/ _/ _/ _/ _/_/ Sun Microsystems, Mailstop: UBUR03-313 _/_/_/_/ _/_/_/ _/ _/ 1 Network Drive Burlington, MA 01803-0903
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC