This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 3708 - Updated Security Considerations section in framework document: Add mention of use of XML Signature to sign policy
Summary: Updated Security Considerations section in framework document: Add mention of...
Status: RESOLVED FIXED
Alias: None
Product: WS-Policy
Classification: Unclassified
Component: Framework (show other bugs)
Version: FPWD
Hardware: Macintosh All
: P2 normal
Target Milestone: ---
Assignee: Frederick Hirsch
QA Contact: Web Services Policy WG QA List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-09-12 19:39 UTC by Frederick Hirsch
Modified: 2006-09-14 17:40 UTC (History)
0 users

See Also:


Attachments

Description Frederick Hirsch 2006-09-12 19:39:44 UTC
Policy may need integrity protection, yet not in the context of a SOAP message. For this reason XML Signature may be used.

Mention of use of XML Signature for this purpose can be added to the Framework Security Considerations section of the Framework document.

Proposed changes to framework document:

1) Add sentence at end of current section 5 (Security Considerations):

Policies may be signed using XML Signature to provide integrity protection and origin authentication, especially in contexts where message security is not appropriate.

2) Incorporate  security considerations listed in contributed primer into Framework document
See Appendix A in PDF referenced in http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001
Comment 1 Frederick Hirsch 2006-09-13 15:01:16 UTC
In template format:

Description - Update security considerations section of Framework to include discussion of XML Signature use as well as additional security considerations from Primer

Justification - Core document should include informative Securiity Considerations section. Integrity protection and source authentication provided by XML Signature in non-messaging context should be included as consideration.

Target - WS-Policy Framework [1]

Proposal:

1) Add sentence at end of current section 5 (Security Considerations):

Policies may be signed using XML Signature to provide integrity protection and origin authentication, especially in contexts where message security is not appropriate.

2) Incorporate  security considerations listed in contributed primer into Framework document. See Appendix A in PDF referenced in
http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0001

Test: review of section

[1] http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-framework.html?content-type=text/html;%20charset=utf-8
Comment 2 Frederick Hirsch 2006-09-14 17:40:28 UTC
Entire proposal adopted as well as decision to remove considerations from primer, adding pointer from primer to Framework security considerations section.

Minutes
 http://www.w3.org/2006/09/14-ws-policy-irc#T17-38-49