Abstract
This document defines the WS-I Basic Security Profile 1.0, based on a set of
non-proprietary Web services specifications, along with clarifications and
amendments to those specifications which promote interoperability.
Status of this Document
This document is a Working Group Draft; it has been accepted by the Working
Group as reflecting the current state of discussions. It is a work in progress,
and should not be considered authoritative or final; other documents may
supersede this document.
Notice
The material contained herein is not a license, either expressly or
impliedly, to any intellectual property owned or controlled by any of the
authors or developers of this material or WS-I. The material contained herein is
provided on an "AS IS" basis and to the maximum extent permitted by applicable
law, this material is provided AS IS AND WITH ALL FAULTS, and the authors and
developers of this material and WS-I hereby disclaim all other warranties and
conditions, either express, implied or statutory, including, but not limited to,
any (if any) implied warranties, duties or conditions of merchantability, of
fitness for a particular purpose, of accuracy or completeness of responses, of
results, of workmanlike effort, of lack of viruses, and of lack of negligence.
ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET
POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO
THIS MATERIAL.
IN NO EVENT WILL ANY AUTHOR OR DEVELOPER OF THIS MATERIAL OR WS-I BE LIABLE
TO ANY OTHER PARTY FOR THE COST OF PROCURING SUBSTITUTE GOODS OR SERVICES, LOST
PROFITS, LOSS OF USE, LOSS OF DATA, OR ANY INCIDENTAL, CONSEQUENTIAL, DIRECT,
INDIRECT, OR SPECIAL DAMAGES WHETHER UNDER CONTRACT, TORT, WARRANTY, OR
OTHERWISE, ARISING IN ANY WAY OUT OF THIS OR ANY OTHER AGREEMENT RELATING TO
THIS MATERIAL, WHETHER OR NOT SUCH PARTY HAD ADVANCE NOTICE OF THE POSSIBILITY
OF SUCH DAMAGES.
Feedback
The Web Services-Interoperability Organization (WS-I) would like to receive
input, suggestions and other feedback ("Feedback") on this work from a wide
variety of industry participants to improve its quality over time.
By sending email, or otherwise communicating with WS-I, you (on behalf of
yourself if you are an individual, and your company if you are providing
Feedback on behalf of the company) will be deemed to have granted to WS-I, the
members of WS-I, and other parties that have access to your Feedback, a
non-exclusive, non-transferable, worldwide, perpetual, irrevocable, royalty-free
license to use, disclose, copy, license, modify, sublicense or otherwise
distribute and exploit in any manner whatsoever the Feedback you provide
regarding the work. You acknowledge that you have no expectation of
confidentiality with respect to any Feedback you provide. You represent and
warrant that you have rights to provide this Feedback, and if you are providing
Feedback on behalf of a company, you represent and warrant that you have the
rights to provide Feedback on behalf of your company. You also acknowledge that
WS-I is not required to review, discuss, use, consider or in any way incorporate
your Feedback into future versions of its work. If WS-I does incorporate some or
all of your Feedback in a future version of the work, it may, but is not
obligated to include your name (or, if you are identified as acting on behalf of
your company, the name of your company) on a list of contributors to the work.
If the foregoing is not acceptable to you and any company on whose behalf you
are acting, please do not provide any Feedback.
Feedback on this document should be directed to wsi_secprofile_comment@lists.ws-i.org.
Table of Contents
1. Introduction
1.1. Guiding
Principles
2. Document
Conventions
2.1. Security
Considerations
2.2. Notational
Conventions
2.3. Profile
Identification and Versioning
3. Profile
Conformance
3.1. Conformance
Requirements
3.2. Conformance
Targets
3.3. Conformance
Scope
3.4. Claiming
Conformance
4. Transport
Layer Security
4.1. SSL
and TLS
4.1.1. Use
of SSL 2.0
4.2. Security
Considerations
4.2.1. SOAPAction
Header
5. SOAP
Message Security
5.1. Security
Tokens
5.1.1. Binary
Security Token EncodingType Attribute
5.1.2.
Binary
Security Token ValueType Attribute
5.2. SecurityTokenReferences
5.2.1. Internal
References
5.2.2. Shorthand
XPointer References
5.2.3. References
to Preceding Security Tokens
5.2.4. Direct
Preferred to Embedded for Internal References
5.2.5. Direct
Required When Possible for External References
5.2.6. Format
of Embedded References
5.2.7. Key
Identifier for External References
5.2.8. Key
Name References Prohibited
5.2.9. http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0-2005-01-20.html#KeyIdentifier/@ValueType_Attribute
5.2.10. Children
of wsse:Embedded
5.2.11. Reference
from wsse:SecurityTokenReference to
wsse:SecurityTokenReference
5.2.12. wsse:SecurityTokenReference/Reference
ValueType Attribute
5.2.13. wsse:SecurityTokenReference
constraints
5.2.14. wsse:SecurityTokenReference
Dereferencing Transform
5.3. Timestamps
5.3.1. wsu:Timestamp/wsu:Created
5.3.2. Occurence
constraints on wsu:Created and wsu:Expires
5.3.3. Value
constraints on wsu:Created and wsu:Expires
5.3.4. wsu:Timestamp
inside wsse:Security header
5.4. wsu:Id
References
5.4.1. wsu:Id
Attribute Uniqueness
5.5. wsse:Security
Processing Order
5.5.1. Order
of Processing
5.6. SOAP
Actor
5.6.1. SOAP
Actor Value
6. Username
Token Profile
6.1. Token
Usage
6.1.1. http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0-2005-01-20.html#wsse_UsernameToken/wsse_Password/@Type
6.1.2. PasswordDigest
6.1.3. ValueType
attribute
6.1.4. Reference
by KeyIdentifier
6.1.5. Key
Derivation
6.1.6. Sign
UsernameToken
7. X.509
Certificate Token Profile
7.1. Token
Types
7.1.1. Certificate
Path
7.1.2. KeyIdentifier
8.
XML-Signature
8.1. General
Constraints on XML Signature
8.1.1. Types
of Signatures
8.2. Element
References in XML Signature
8.2.1. Reference
to Elements by Shorthand XPointer
8.2.2. Reference
to Elements by XPath Expression
8.3. XML
Signature Algorithms
8.3.1. Use
Exclusive C14N
8.3.2. Transform
required
8.3.3. Permitted
algorithms
8.4. XML
Signature Syntax
8.4.1. ds:HMACOutputLength
8.4.2. ds:KeyInfo
8.4.3. ds:Manifest
8.5. Security
Considerations
8.5.1. Sign
Security Token
9. XML
Encryption
9.1. XML
Encryption Processing Model
9.1.1. xenc:ReferenceList
9.1.2. xenc:EncryptedKey
9.2. XML
Encryption Syntax
9.2.1. Placement
9.2.2. xenc:EncryptedKey
attributes
9.2.3. xenc:EncryptedData
attributes
9.2.4. References
from xenc:EncryptedData
9.2.5. xenc:EncryptionMethod
mandatory
9.2.6. http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0-2005-01-20.html#xenc_EncryptedKey/@Recipient
9.2.7. ds:KeyInfo/xenc:AgreementMethod
prohibited
9.2.8. xenc:EncryptedData
9.2.9. SOAP
Envelope
9.3. Element
References in XML Encryption
9.3.1. Reference
to Elements by Shorthand XPointer
9.4. XML
Encryption Algorithms
9.4.1. Permitted
Algorithms
9.5. Security
Considerations
9.5.1. Encrypt
DigestValue
10. Algorithms
10.1. Transport
Level Security Algorithms
10.1.1. Mandatory
ciphersuites
10.1.2. Recommended
ciphersuites
10.1.3. Discouraged
ciphersuites
10.1.4. Prohibited
ciphersuites
11. Relationship
of Basic Security Profile as an Extension to Basic Profile
11.1. Basic
Profile Clarifications
11.1.1. BP
Requirement R2301
11.1.2. BP
Requirement R2710
11.1.3. BP
Requirement R2712
11.1.4. BP
Requirement R2724
11.1.5. BP
Requirement R2725
11.1.6. BP
Requirement R2729
11.1.7. BP
Requirement R2738
11.1.8. BP
Requirement R1029
12. Attachment
Security
12.1. SOAP
with Attachments
12.1.1. Conformance
12.1.2. Scope
12.2. Signed
Attachments
12.2.1. Reference
12.2.2. Transform
12.3. Encrypted
Attachments
12.3.1. Reference
12.3.2. Content
13.
Security
Considerations
Appendix A: Referenced
Specifications
Appendix B: Extensibility
Points
Appendix C: Acknowledgements
1. Introduction
This document defines the WS-I Basic
Security Profile 1.0 (hereafter, "Profile"), consisting of a set of
non-proprietary Web services specifications, along with clarifications to and
amplifications of those specifications which promote interoperability.
Section 1, "Introduction," introduces the Profile and relates the philosophy
that it takes with regard to interoperability.
Section 2, "Document Conventions," describes notational conventions utilized by this
Profile.
Section 3, "Profile Conformance," explains what it means to be conformant to the
Profile.
Each subsequent section addresses a
component of the Profile, and consists of two parts: an overview detailing the
component specifications and their extensibility points, followed by subsections
that address individual parts of the component specifications. Note that there
is no relationship between the section numbers in this document and those in the
referenced specifications.
1.1 Guiding Principles
The Profile was developed according to a
set of principles that, together, form the philosophy of the Profile, as it
relates to bringing about interoperability. This section documents these
guidelines.
- No guarantee of interoperability
- Although it is impossible to
completely guarantee the interoperability of a particular service, the Profile
attempts to increase interoperability by addressing the most common problems
that implementation experience has revealed to date.
- Focus profiling effort
- The focus of the Profile is the
specifications that are explicitly defined as in-scope for the profile. Other
specifications are profiled to the minimal extent necessary to allow
meaningful profiling of the scoped specifications. This allows an in-depth
profile of the scoped specifications with reduced constraining of other
specifications.
- Application semantics
- Although communication of application
semantics can be facilitated by the technologies that comprise the Profile,
assuring the common understanding of those semantics is not addressed by it.
- Testability
- When possible, the Profile makes
statements that are testable. However, such testability is not required.
Preferably, testing is achieved in a non-intrusive manner (e.g., examining
artifacts "on the wire"). Note: Due to the nature of cryptographic security,
non-intrusive testing may not be possible.
- Strength of requirements
- The Profile makes strong requirements
(e.g., MUST, MUST NOT) wherever feasible; if there are legitimate cases where
such a requirement cannot be met, conditional requirements (e.g., SHOULD,
SHOULD NOT) are used. Optional and conditional requirements introduce
ambiguity and mismatches between implementations.
- Restriction vs. relaxation
- When amplifying the requirements of
referenced specifications (including the Basic Profile 1.0 ), the Profile may
restrict them, but does not relax them (e.g., change a MUST to a MAY).
- Multiple mechanisms
- If a referenced specification allows
multiple mechanisms to be used interchangeably to achieve the same goal, the
Profile selects those that are well-understood, widely implemented and useful.
Extraneous or underspecified mechanisms and extensions introduce complexity
and therefore reduce interoperability.
- Future compatibility
- When possible, the Profile aligns its
requirements with in-progress revisions to the specifications it references
(e.g., Web Services Security). This aids implementers by enabling a graceful
transition, and assures that WS-I does not 'fork' from these efforts. When the
Profile cannot address an issue in a specification it references, this
information is communicated to the appropriate body to assure its
consideration.
- Compatibility with deployed services
- Backwards compatibility with deployed
Web services is not a goal for the Profile, but due consideration is given to
it; the Profile does not introduce a change to the requirements of a
referenced specification unless doing so addresses specific interoperability
issues.
- Focus on interoperability
- Although there are potentially a
number of inconsistencies and design flaws in the referenced specifications,
the Profile only addresses those that affect interoperability.
- Conformance targets
- Where possible, the Profile places
requirements on artifacts (e.g., WSDL descriptions, SOAP messages) rather than
the producing or consuming software's behaviors or roles. Artifacts are
concrete, making them easier to verify and therefore making conformance easier
to understand and less error-prone.
- Lower-layer interoperability
- The BSP Profile speaks to
interoperability at the web-services layer only; it assumes that
interoperability of lower-layer protocols ( e.g. TCP, HTTP ) and technologies
(e.g. encryption and signature algorithms ) is adequate and well-understood.
WS-I does not attempt to assure the interoperability of these protocols and
technologies as a whole. This assures that WS-I's expertise in and focus on
Web services standards is used effectively.
- Do no harm
- Interoperability of security
technologies does not in and of itself ensure security, and the act of
combining new technologies and protocols is especially susceptible to security
threats. The profile takes steps to avoid introducing new security threats.
- Best Practices
- It is not the intent of the BSP
Profile to define security best practices. However, when multiple options
exist, we may use known security weaknesses as a means of reducing choice and
thus enhancing interoperability. BSP Profile will offer non-normative security
considerations where the authors deem appropriate; however, these are by no
means exhaustive and should not be perceived as a sanctioning of a security
best practice.
2. Document Conventions
This document follows conventions common
to all WS-I profiles. These are described in the following sections.
2.1 Security Considerations
The Profile will draw attention to
security considerations; however, these are informational only and should be
treated as non-normative. Adherence to these considerations does not guarantee
security.
Security considerations are presented as
follows:
Cnnnn
Statement text here.
where "nnnn" is replaced by a number that
is unique among the considerations in the Profile, thereby forming a unique
consideration identifier.
2.2 Notational Conventions
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in RFC2119.
Normative statements of requirements in the Profile (i.e., those impacting
conformance, as outlined in "Conformance
Requirements") are presented in the following manner:
RnnnnStatement text here.
where "nnnn" is replaced by a number that is unique among the requirements in
the Profile, thereby forming a unique requirement identifier.
Requirement identifiers can be considered to be namespace qualified, in such
a way as to be compatible with QNames from Namespaces in XML. If there is no
explicit namespace prefix on a requirement's identifier (e.g., "R9999" as
opposed to "bp10:R9999"), it should be interpreted as being in the namespace
identified by the conformance URI of the document section it occurs in. If it is
qualified, the prefix should be interpreted according to the namespace mappings
in effect, as documented below.
Some requirements clarify the referenced specification(s), but do not place
additional constraints upon implementations. For convenience, clarifications are
annotated in the following manner: C
Some requirements are derived from ongoing standardization work on the
referenced specification(s). For convenience, such forward-derived statements
are annotated in the following manner: xxxx,
where "xxxx" is an identifier for the specification (e.g., "WSDL20" for WSDL
Version 2.0). Note that because such work was not complete when this document
was publiished, the specification that the requirement is derived from may
change; this information is included only as a convenience to implementers.
Extensibility points in underlying specifications (see "Conformance
Scope") are presented in a similar manner:
EnnnnExtensibility Point Name
- Description
where "nnnn" is replaced by a number that is unique among the extensibility
points in the Profile. As with requirement statements, extensibility statements
can be considered namespace-qualified.
This specification uses a number of namespace prefixes throughout; their
associated URIs are listed below. Note that the choice of any namespace prefix
is arbitrary and not semantically significant.
- soap - "http://schemas.xmlsoap.org/soap/envelope/"
- xsd - "http://www.w3.org/2001/XMLSchema"
- wsi - "http://www.ws-i.org/schemas/conformanceClaim"
- ds - "http://www.w3.org/2000/09/xmldsig#""
- xenc - "http://www.w3.org/2001/04/xmlenc#"
- c14n - "http://www.w3.org/2001/10/xml-exc-c14n#"
- wsse -
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
- wsu -
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- b10 -
"http://www.ws-i.org/Profiles/Basic/2003-08/BasicProfile-1.0a.htm"
- bp11 -
"http://www.ws-i.org/Profiles/BasicProfile-1.1.html"
2.3 Profile Identification and Versioning
This document is identified by a name (in this case, Basic Security Profile)
and a version number (here, 1.0). Together, they identify a particular
profile instance.
Version numbers are composed of a major and minor portion, in the form
"major.minor". They can be used to determine the precedence of a profile
instance; a higher version number (considering both the major and minor
components) indicates that an instance is more recent, and therefore supersedes
earlier instances.
Instances of profiles with the same name (e.g., "Example Profile 1.1" and
"Example Profile 5.0") address interoperability problems in the same general
scope (although some developments may require the exact scope of a profile to
change between instances).
One can also use this information to determine whether two instances of a
profile are backwards-compatible; that is, whether one can assume that
conformance to an earlier profile instance implies conformance to a later one.
Profile instances with the same name and major version number (e.g., "Example
Profile 1.0" and "Example Profile 1.1") MAY be considered compatible. Note that
this does not imply anything about compatibility in the other direction; that
is, one cannot assume that conformance with a later profile instance implies
conformance to an earlier one.
Conformance to the Profile is defined by adherence to the set of
requirements defined for a specific target, within the
scope of the Profile. This section explains these terms and describes
how conformance is defined and used.
Requirements state the criteria for conformance to the Profile. They
typically refer to an existing specification and embody refinements,
amplifications, interpretations and clarifications to it in order to improve
interoperability. All requirements in the Profile are considered normative, and
those in the specifications it references that are in-scope (see "Conformance
Scope") should likewise be considered normative. When requirements in the
Profile and its referenced specifications contradict each other, the Profile's
requirements take precedence for purposes of Profile conformance.
Requirement levels, using RFC2119 language (e.g., MUST,
MAY, SHOULD) indicate the nature of the requirement and its impact on
conformance. Each requirement is individually identified (e.g., R9999) for
convenience.
For example;
R9999 WIDGETs SHOULD be round
in shape.
This requirement is identified by "R9999", applies to the target WIDGET (see
below), and places a conditional requirement upon widgets; i.e., although this
requirement must be met to maintain conformance in most cases, there are some
situations where there may be valid reasons for it not being met (which are
explained in the requirement itself, or in its accompanying text).
Each requirement statement contains exactly one requirement level keyword
(e.g., "MUST") and one conformance target keyword (e.g., "MESSAGE"). The
conformance target keyword appears in bold text (e.g. "MESSAGE"). Other
conformance targets appearing in non-bold text are being used strictly for their
definition and NOT as a conformance target. Additional text may be included to
illuminate a requirement or group of requirements (e.g., rationale and
examples); however, prose surrounding requirement statements must not be
considered in determining conformance.
Definitions of terms in the Profile are considered authoritative for the
purposes of determining conformance.
None of the requirements in the Profile, regardless of their conformance
level, should be interpreted as limiting the ability of an otherwise conforming
implementation to apply security countermeasures in response to a real or
perceived threat (e.g., a denial of service attack).
Conformance targets identify what artifacts (e.g., SOAP message, WSDL
description, UDDI registry data) or parties (e.g., SOAP processor, end user)
requirements apply to.
This allows for the definition of conformance in different contexts, to
assure unambiguous interpretation of the applicability of requirements, and to
allow conformance testing of artifacts (e.g., SOAP messages and WSDL
descriptions) and the behavior of various parties to a Web service (e.g.,
clients and service instances).
Requirements' conformance targets are physical artifacts wherever possible,
to simplify testing and avoid ambiguity.
The following conformance targets are used in the Profile:
- SECURE_ENVELOPE - a SOAP envelope that contains
sub-elements that have been subject to integrity and/or confidentiality
protection. A message is considered conformant when all of its contained
Artifacts are conformant with all Statements related to SECURE_ENVELOPE,
SECURE_MESSAGE, SECURITY_HEADER, REFERENCE, SIGNATURE, ENCRYPTED_KEY,
ENCRYPTION_REFERENCE_LIST, ENCRYPTED_KEY_REFERENCE_LIST, ENCRYPTED_DATA,
SECURITY_TOKEN_REFERENCE, INTERNAL_SECURITY_TOKEN and TIMESTAMP as appropriate
in the Profile. Use of artifacts for which there are no statements in the
Profile does not effect conformance.
- SECURE_MESSAGE - protocol elements that have WSS Security
applied to them. Protocol elements include a primary SOAP envelope and
optionally associated SwA attachments.
- SENDER - software that generates a message according to
the protocol(s) associated with it. A sender is considered conformant when all
of the messages it produces are conformant and its behavior is conformant with
all statements related to SENDER in the Profile. (from Basic Profile 1.0)
- RECEIVER - software that consumes a message according to
the protocol(s) associated with it. A receiver is considered conformant when
it is capable of consuming conformant messages containing the artifacts that
it supports and its behavior is conformant with all statements related to
RECEIVER in the Profile. A conformant receiver need not accept all possible
conformant messages. A conformant receiver may choose not to support artifacts
that provide unneeded or undesired functionality. When a receiver supports a
specific artifact, a nd the Profile contains statements related to that
artifact, a conformant receiver must accept all required conformant forms of
that artifact. (from Basic Profile 1.0)
- INSTANCE - software that implements a wsdl:port or a
uddi:bindingTemplate. (from Basic Profile 1.0)
- DESCRIPTION - descriptions of types, messages, interfaces
and their concrete protocol and data format bindings, and the network access
points associated with Web services (e.g., WSDL descriptions) (from Basic
Profile 1.0)
- SECURITY_HEADER - an element included as a child of
soap:Envelope/soap:Header and named wsse:Security
- REFERENCE - a SIGNATURE ds:Reference element.
- SIGNATURE - an element included as a child of a
SECURITY_HEADER and named ds:Signature.
- ENCRYPTED_KEY - an element included as a child of a
SECURITY_HEADER and named xenc:EncryptedKey.
- ENCRYPTION_REFERENCE_LIST - an element which is included
as a child of a SECURITY_HEADER and named xenc:ReferenceList.
- ENCRYPTED_KEY_REFERENCE_LIST - an element which is
included as a child of an ENCRYPTED_KEY and named xenc:ReferenceList.
- ENCRYPTED_DATA - an element named xenc:EncryptedData
which is referenced by either an ENCRYPTED_KEY_REFERENCE_LIST or an
ENCRYPTION_REFERENCE_LIST.
- SECURITY_TOKEN_REFERENCE - an element included as a
descendant of a SECURITY_HEADER or an ENCRYPTED_DATA and is named
wsse:SecurityTokenReference.
- INTERNAL_SECURITY_TOKEN - a security token defined in a
security token profile and that is either a child of a SECURITY_HEADER or a
child of a wsse:Embedded element in a SECURITY_TOKEN_REFERENCE.
- EXTERNAL_SECURITY_TOKEN - a security token defined in a
security token profile that is external to a SECURE_ENVELOPE.
- SECURITY_TOKEN - either an INTERNAL_SECURITY_TOKEN or an
EXTERNAL_SECURITY_TOKEN. (e.g. UsernameToken, X.509 Certificate Token, REL
Token, SAML Token et.al.)
- TIMESTAMP - an element included as a child of a
SECURITY_HEADER and named wsu:Timestamp
The scope of the Profile delineates the technologies that it addresses; in
other words, the Profile only attempts to improve interoperability within its
own scope. Generally, the Profile's scope is bounded by the specifications
referenced by it.
The Profile's scope is further refined by extensibility points. Referenced
specifications often provide extension mechanisms and unspecified or open-ended
configuration parameters; when identified in the Profile as an extensibility
point, such a mechanism or parameter is outside the scope of the Profile, and
its use or non-use is not relevant to conformance.
Note that the Profile may still place requirements on the use of an
extensibility point. Also, specific uses of extensibility points may be further
restricted by other profiles, to improve interoperability when used in
conjunction with the Profile.
Because the use of extensibility points may impair interoperability, their
use should be negotiated or documented in some fashion by the parties to a Web
service; for example, this could take the form of an out-of-band agreement.
The Profile's scope is defined by the referenced specifications in Appendix
A, as refined by the extensibility points in Appendix
B.
Claims of conformance to the Profile can be made using the following
mechanisms, as described in Conformance Claim
Attachment Mechanisms, when the applicable Profile requirements associated
with the listed targets have been met:
The CCAM URI may change before final publication.
The conformance claim URI for this Profile is
"http://ws-i.org/profiles/basic-security/core/1.0", with the following
exceptions, which are associatedwith specific sections:
4. Transport Layer Security
This section of the Profile incorporates the following specifications by
reference, and defines extensibility points within them:
- HTTP over
TLS
- The TLS
Protocol Version 1.0
Extensibility points:
- E0009 - TLS Ciphersuites - TLS
allows for the use of arbitrary encryption algorithms. Note that while
section 10.1 of this Profile mandates, recommends, and discourages support
for certain ciphersuites, this Profile does not prohibit use of any specific
ciphersuite.
- E0010 - TLS Extensions - TLS
allows for extensions during the handshake phase.
- The
SSL Protocol Version 3.0
Extensibility points:
- E0011 - SSL Ciphersuites - SSL
allows for the use of arbitrary encryption algorithms. Note that while
section 10.1 of this Profile mandates, recommends, and discourages support
for certain ciphersuites, this Profile does not prohibit use of any specific
ciphersuite.
4.1 SSL and TLS
The following specifications (or sections thereof) are referred to in this
section of the Profile:
SSL and TLS are both used as underlying
protocols for HTTP/S. This profile places the following constraints on those
protocols:
4.1.1 Use of SSL 2.0
SSL 2.0 has known security issues and all
current implementations of HTTP/S support more recent protocols. Therefore this
profile prohibits use of SSL 2.0.
R2001 A
SENDER MUST NOT use SSL 2.0 as the
underlying protocol for HTTP/S
R2002 A
RECEIVER MUST NOT use SSL 2.0 as the
underlying protocol for HTTP/S
4.2 Security Considerations
The following specifications (or sections thereof) are referred to in this
section of the Profile:
HTTP headers are only protected when SSL
or TLS is used, and even then only between adjacent SOAP nodes. This profile
places the following constraints on the use of HTTP headers:
C2010 A
SECURE_ENVELOPE SHOULD NOT be transmitted in
an HTTP message containing a SOAPAction header in order to prevent processing
based on this potentially unsecured value.
5. SOAP Message Security
This section of the Profile incorporates the following specifications by
reference, and defines extensibility points within them:
5.1 Security Tokens
The following specifications (or sections thereof) are referred to in this
section of the Profile:
This Profile places the following constraints on
the use of Security Tokens:
5.1.1 Binary Security Token
EncodingType Attribute
Base64Binary is the only encoding type
specified by Web Services Security: SOAP Message Security. Explicit
specification of default values simplifies XML processing requirements.
R3029 A
SECURITY_TOKEN named
wsse:BinarySecurityToken MUST specify an EncodingType attribute.
R3030 An
EncodingType attribute of a SECURITY_TOKEN
named wsse:BinarySecurityToken MUST have a value of
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary".
A BinarySecurityToken may specify its
encoding type. The Profile restricts the encoding type to Base64Binary and
requires its explicit specification.
For example,
INCORRECT:
<!-- This example is incorrect because the wsse:BinarySecurityToken element is missing an EncodingType attribute -->
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
CORRECT:
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
5.1.2 Binary Security Token
ValueType Attribute
There is no appropriate default for
ValueType.
R3031 A
SECURITY_TOKEN named
wsse:BinarySecurityToken MUST specify a ValueType attribute.
R3032 An
ValueType attribute of a SECURITY_TOKEN
named wsse:BinarySecurityToken MUST have a value specified by the related
security token profile.
R3033 A
SECURITY_TOKEN named
wsse:BinarySecurityToken containing a single X.509 Certificate MUST specify a
ValueType attribute with the value
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509".
Web Services Security: SOAP Message
Security allows for a BinarySecurityToken to optionally specify its ValueType.
The Profile restricts the ValueType to one of those specified by a security
token profile and requires its specification.
For example,
INCORRECT:
<!-- This example is incorrect because the wsse:BinarySecurityToken element is missing a ValueType attribute -->
<wsse:BinarySecurityToken wsu:Id='SomeCert'
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
INCORRECT:
<!-- This example is incorrect because the ValueType attribute on the wsse:BinarySecurityToken element has an incorrect value. -->
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://www.mta.org/NYC#SubwayToken"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
CORRECT:
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
5.2 SecurityTokenReferences
The following specifications (or sections thereof) are referred to in this
section of the Profile:
Web Services Security: SOAP Message Security
defines a wsse:SecurityTokenReference element for use in SOAP messages. This
Profile places the following constraints on its use:
5.2.1 Internal References
Reference by Key Identifier may be
ambiguous.
R3022 When
a SECURITY_TOKEN_REFERENCE references an
INTERNAL_SECURITY_TOKEN which has a wsu:Id attribute, the reference MUST use
either a Direct Reference or an Embedded Reference.
Direct and Embedded are preferred over
Key Identifier References.
For example,
INCORRECT:
<!-- This example is incorrect because it refers to a wsse:BinarySecurityToken element which specifies a wsu:id
attribute using a wsse:KeyIdentifier element rather than a wsse:Reference or wsse:Embedded element -->
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#X509SubjectKeyIdentifier">
MIGfMa0GCSq
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</wsse:Security>
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</wsse:Security>
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:SecurityTokenReference>
<wsse:Embedded wsu:Id="TheEmbeddedElementAroundSomeCert">
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
</wsse:Embedded>
</wsse:SecurityTokenReference>
</wsse:Security>
5.2.2 Shorthand XPointer References
Constraining the number of different
referencing mechanisms reduces complexity and thus improves interoperability.
The wsse:BinarySecurityToken, the element which contains the security token, has
a wsu:Id attribute allowing references to this token to use Shorthand XPointers.
R5204 When
a SECURITY_TOKEN_REFERENCE uses a Direct
Reference to an INTERNAL_SECURITY_TOKEN, it MUST use a Shorthand XPointer
Reference.
For example,
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</wsse:Security>
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<rel:license xmlns:rel='urn:mpeg:mpeg21:2003:01-REL-R-NS'
wsu:Id='SomeLic'
licenseId='uuid:3D680C71-177B-40cc-84C1-123B02503524' >
. . .
</rel:license>
<ds:Signature>
. . .
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeLic'
ValueType="http://docs.oasis-open.org/wss/2004/##/oasis-####-wss-REL-token-profile-1.0#license" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
5.2.3 References to Preceding
Security Tokens
Ensuring that a security token appears
before it is referenced means that the implementations already have the token in
hand when it is needed to verify a signature or perform decryption.
R5205 An
INTERNAL_SECURITY_TOKEN MUST precede the
first SECURITY_TOKEN_REFERENCE that references it.
Any wsse:BinarySecurityToken element must
appear before a referencing wsse:SecurityTokenReference element in document
order.
For example,
INCORRECT:
<!-- This example is incorrect because the wsse:BinarySecurityToken with the wsu:Id of SomeCert appears after it is
referenced from within the xenc:EncryptedKey element -->
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
</wsse:Security>
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</wsse:Security>
5.2.4 Direct
Preferred to Embedded for Internal References
Since multiple security elements may
reference a single token and processing of those elements may result in the
removal of the element, consistent use of direct rather than embedded references
simplifies processing.
R3023 Each
SECURITY_TOKEN_REFERENCE that refers to an
INTERNAL_SECURITY_TOKEN that is referenced several times SHOULD be a direct
reference rather than an embedded reference.
Direct references are encouraged.
Embedded references are discouraged.
For example,
INCORRECT:
<!-- This example is incorrect because it uses a wsse:Embedded element for the wsse:BinarySecurityToken
with the wsu:Id of SomeCert. It is assumed that this token is referred to from several places elsewhere
in the SOAP envelope ( not shown ) -->
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:SecurityTokenReference>
<wsse:Embedded wsu:Id="TheEmbeddedElementAroundSomeCert">
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
</wsse:Embedded>
</wsse:SecurityTokenReference>
</wsse:Security>
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</wsse:Security>
5.2.5 Direct
Required When Possible for External References
R3024 When
a SECURITY_TOKEN_REFERENCE references an
EXTERNAL_SECURITY_TOKEN that can be referred to using a Direct Reference, a
Direct Reference MUST be used.
For example,
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:SecurityTokenReference>
<wsse:Reference URI='http://www.ws-i.org/CertStore/Examples/BSP.PEM'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</wsse:Security>
R3025 When
a wsse:Embedded element in a SECURITY_TOKEN_REFERENCE is used to specify an
inline INTERNAL_SECURITY_TOKEN, its format MUST be the same as if the token were
a child of a SECURITY_HEADER.
For example,
INCORRECT:
<!-- This example is incorrect because the wsse:Embedded element carries the data for the X.509 certificate
directly rather than as a wsse:BinarySecurityToken element -->
<wsse:SecurityTokenReference>
<wsse:Embedded wsu:Id="SomeCert">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:Embedded>
</wsse:SecurityTokenReference>
CORRECT:
<wsse:SecurityTokenReference>
<wsse:Embedded wsu:Id="TheEmbeddedElementAroundSomeCert">
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
</wsse:Embedded>
</wsse:SecurityTokenReference>
5.2.7 Key Identifier for External
References
R3026 When
a SECURITY_TOKEN_REFERENCE references an
EXTERNAL_SECURITY_TOKEN that cannot be referred to using a Direct Reference but
can be referred to using a Key Identifier or ds:X509Data/ds:X509IssuerSerial, a
Key Identifier or ds:X509Data/ds:X509IssuerSerial MUST be used.
For example,
CORRECT:
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#X509SubjectKeyIdentifier" >
MIGfMa0GCSq
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
CORRECT:
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Security WG, OU=BSP, O=WS-I, C=US</ds:X509IssuerName>
<ds:X509IssuerSerial>54A4E9</ds:X509IssuerSerial>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
5.2.8 Key Name References Prohibited
R3027 A
SECURITY_TOKEN_REFERENCE MUST NOT use a Key
Name to reference a SECURITY_TOKEN.
For example,
INCORRECT:
<!-- This example is incorrect because it uses a ds:KeyName element to refer to an X.509 certificate -->
<wsse:SecurityTokenReference>
<ds:KeyName>CN=Security WG, OU=BSP, O=WS-I, C=US</ds:KeyName>
</wsse:SecurityTokenReference>
5.2.9 KeyIdentifier/@ValueType
Attribute
R3054 A
wsse:KeyIdentifier element in a SECURITY_TOKEN_REFERENCE MUST specify a ValueType
attribute.
R3063 A
ValueType attribute on a wsse:KeyIdentifier element in a SECURITY_TOKEN_REFERENCE MUST have a value
specified within the security token profile associated with the referenced
SECURITY_TOKEN.
For example,
INCORRECT:
<!-- This example is incorrect because the wsse:KeyIdentifier element is missing a ValueType attribute -->
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
MIGfMa0GCSq
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
CORRECT:
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#X509SubjectKeyIdentifier" >
MIGfMa0GCSq
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
5.2.10 Children of wsse:Embedded
R3055 A
wsse:Embedded element in a SECURE_ENVELOPE
MUST NOT contain a wsse:SecurityTokenReference child element.
R3060 A
wsse:Embedded element in a SECURE_ENVELOPE
MUST contain a single child element for a security token from a token profile.
For example,
INCORRECT:
<!-- This example is incorrect because the wsse:Embedded element contains a wsse:SecurityTokenReference element -->
<wsse:SecurityTokenReference>
<wsse:Embedded wsu:Id="TheEmbeddedElementAroundSomeSTR">
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</wsse:Embedded>
</wsse:SecurityTokenReference>
INCORRECT:
<!-- This example is incorrect because the wsse:Embedded element has multiple element children -->
<wsse:SecurityTokenReference>
<wsse:Embedded wsu:Id="TheEmbeddedElementAroundSomeCerts">
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken wsu:Id='SomeOtherCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
</wsse:Embedded>
</wsse:SecurityTokenReference>
CORRECT:
<wsse:SecurityTokenReference>
<wsse:Embedded wsu:Id="TheEmbeddedElementAroundSomeCert">
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
</wsse:Embedded>
</wsse:SecurityTokenReference>
5.2.11
Reference from wsse:SecurityTokenReference to wsse:SecurityTokenReference
R3056 A
SECURITY_TOKEN_REFERENCE MUST NOT use a
Direct Reference to another SECURITY_TOKEN_REFERENCE that does not have a
wsse:Embedded child element.
R3064 When
a SECURITY_TOKEN_REFERENCE uses a Direct
Reference to an INTERNAL_SECURITY_TOKEN contained within an wsse:Embedded
element of another SECURITY_TOKEN_REFERENCE, the reference MUST be to the
contained INTERNAL_SECURITY_TOKEN not to the wsse:Embedded element.
For example,
INCORRECT:
<!-- This example is incorrect because the second wsse:SecurityTokenReference element refers to the
wsse:SecurityTokenReference with an wsu:Id of TheFirstSTR -->
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<wsse:SecurityTokenReference wsu:Id="TheFirstSTR">
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#TheFirstSTR'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
CORRECT:
<wsse:SecurityTokenReference>
<wsse:Embedded wsu:Id="TheEmbeddedElementAroundSomeCert">
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
</wsse:Embedded>
</wsse:SecurityTokenReference>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
5.2.12
wsse:SecurityTokenReference/Reference ValueType Attribute
R3059 A
wsse:Reference element in a SECURITY_TOKEN_REFERENCE MUST specify a ValueType
attribute.
R3058 A
wsse:Reference element in a SECURITY_TOKEN_REFERENCE MUST specify a ValueType
attribute that matches any ValueType specified by a token profile for the the
referenced SECURITY_TOKEN.
5.2.13
wsse:SecurityTokenReference constraints
R3061 A
SECURITY_TOKEN_REFERENCE MUST have exactly
one child element.
R3062 A
wsse:Reference element in a SECURITY_TOKEN_REFERENCE MUST specify a URI
attribute.
R3065 When
a SIGNATURE uses the SecurityTokenReference
Dereferencing Transform, the ds:CanonicalizationMethod element MUST be present
and wrapped in a wsse:TransformationParameters element.
5.3 Timestamps
The following specifications (or sections thereof) are referred to in this
section of the Profile:
Web Services Security: SOAP Message
Security defines a Timestamp element for use in SOAP messages. This Profile
places the following constraints on its use:
5.3.1 wsu:Timestamp/wsu:Created
The wsu:Created element represents the
creation time of the security semantics. This element is REQUIRED and can only
be specified once in a Timestamp element. Within the SOAP processing model,
creation is the instant that the Infoset is serialized for transmission.
R3203 A
TIMESTAMP MUST have exactly one wsu:Created
element child.
For example,
INCORRECT:
<!-- This example is incorrect because the wsu:Timestamp element is missing a wsu:Created child element -->
<wsu:Timestamp wsu:Id="timestamp">
<wsu:Expires>2001-10-13T09:00:00Z</wsu:Expires>
</wsu:Timestamp>
CORRECT:
<wsu:Timestamp wsu:Id="timestamp">
<wsu:Created>2001-09-13T08:42:00Z</wsu:Created>
<wsu:Expires>2001-10-13T09:00:00Z</wsu:Expires>
</wsu:Timestamp>
5.3.2
Occurence constraints on wsu:Created and wsu:Expires
R3223 A
TIMESTAMP MUST NOT contain more than one
wsu:Created element.
R3224 A
TIMESTAMP MUST NOT contain more than one
wsu:Expires element.
R3221 If a
TIMESTAMP contains both a wsu:Created
element and a wsu:Expires element they MUST appear in the order: wsu:Created
then wsu:Expires.
5.3.3 Value constraints
on wsu:Created and wsu:Expires
R3213 A
TIMESTAMP MUST NOT include wsu:Created or
wsu:Expires values that specify leap seconds.
R3225 A
wsu:Created element within a TIMESTAMP MUST
NOT include a ValueType attribute.
R3226 A
wsu:Expires element within a TIMESTAMP MUST
NOT include a ValueType attribute.
R3217 A
TIMESTAMP MUST only contain time instants in
UTC format as specified by the XML Schema type (dateTime).
R3218 A
SECURITY_HEADER MUST NOT contain a
wsu:timestamp that is not its immediate child.
R3219 A
SECURITY_HEADER MUST NOT contain more than
one TIMESTAMP.
5.4 wsu:Id References
The following specifications (or sections thereof) are referred to in this
section of the Profile:
Web Services Security: SOAP Message
Security defines a wsu:Id element for use in SOAP messages. This Profile places
the following constraints on its use:
5.4.1 wsu:Id Attribute Uniqueness
R3204 Two
wsu:Id attributes within any SECURE_ENVELOPE
MUST NOT have the same value.
5.5 wsse:Security Processing Order
The following specifications (or sections thereof) are referred to in this
section of the Profile:
Web Services Security: SOAP Message
Security defines the order for processing signature and encryption blocks within
wsse:Security headers. This Profile provides the following guidance:
5.5.1 Order of Processing
R3212
Within a SECURITY_HEADER, all SIGNATURE,
ENCRYPTED_KEY, and ENCRYPTION_REFERENCE_LIST elements MUST be ordered so a
receiver will get the correct result by processing the elements in the order
they appear.
5.6 SOAP Actor
The following specifications (or sections thereof) are referred to in this
section of the Profile:
SOAP defines an actor attribute for use
in SOAP headers. This Profile places the following constraints on its use:
5.6.1 SOAP Actor Value
R3206
Within a SECURE_ENVELOPE there MUST be at
most one SECURITY_HEADER with the actor attribute omitted.
R3210
Within a SECURE_ENVELOPE there MUST be at
most one SECURITY_HEADER with the same actor attribute value.
6. Username Token Profile
This section of the Profile incorporates the following specifications by
reference:
6.1 Token Usage
6.1.1
wsse:UsernameToken/wsse:Password/@Type
To avoid ambiguity, the Type attribute
must always be specified on the wsse:Password element of a
wsse:UsernameToken
R4201 A
wsse:UsernameToken/wsse:Password element in a SECURITY_HEADER MUST specify a Type attribute.
For example,
INCORRECT:
<!-- This example is incorrect because the wsse:Password element is missing a Type attribute with a value of
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText -->
<wsse:UsernameToken
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >
<wsse:Username>Bert</wsse:Username>
<wsse:Password>Ernie</wsse:Password>
</wsse:UsernameToken>
INCORRECT:
<
<!-- This example is incorrect because the wsse:Password element is missing a Type attribute with a value of
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest -->
<wsse:UsernameToken
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >
<wsse:Username>Bert</wsse:Username>
<wsse:Password>B5twk47KwSrjeg==</wsse:Password>
</wsse:UsernameToken>
CORRECT:
<wsse:UsernameToken
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >
<wsse:Username>Bert</wsse:Username>
<wsse:Password
Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>
Ernie
</wsse:Password>
</wsse:UsernameToken>
CORRECT:
<wsse:UsernameToken xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >
<wsse:Username>Bert</wsse:Username>
<wsse:Password
Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest'>
B5twk47KwSrjeg==
</wsse:Password>
</wsse:UsernameToken>
6.1.2 PasswordDigest
R4212 When
a wsse:Password element with a Type attribute with a value of
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
is used within a SECURITY_TOKEN, its value
MUST be computed using the following formula, where "+" indicates concatenation:
Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) ). That is,
concatenate the nonce, creation timestamp, and the password (or shared secret or
password equivalent), digest the combination using the SHA-1 hash algorithm,
then include the Base64 encoding of that result as the password (digest). Any
elements that are not present are simply omitted from the concatenation.
6.1.3 ValueType attribute
R4214 When
a SECURITY_TOKEN named wsse:UsernameToken is referenced by a SECURITY_TOKEN_REFERENCE then the
wsse:SecurityTokenReference/wsse:Reference/@ValueType attribute MUST have a
value of
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#UsernameToken".
6.1.4 Reference by KeyIdentifier
R4215 When
a SECURITY_TOKEN_REFERENCE refers to a
wsse:UsernameToken, a KeyIdentifier reference MUST NOT be used.
6.1.5 Key Derivation
The Username Token profile does not
currently define a key derivation algorithm. The OASIS WSS TC is expected to
address this issue sometime in the future.
6.1.6 Sign UsernameToken
C4210 Any
SECURITY_TOKEN named wsse:UsernameToken that
contains a wsse:Nonce element and a wsse:Password element with a Type attribute
value of
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
SHOULD be referenced by a ds:Reference in a SIGNATURE in order to prevent
replay.
C4211 Any
SECURITY_TOKEN named wsse:UsernameToken that
contains a wsu:Created element and a wsse:Password element with a Type attribute
value of
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
SHOULD be referenced by a ds:Reference in a SIGNATURE in order to prevent
replay.
7. X.509 Certificate Token Profile
This section of the Profile incorporates the following specifications by
reference, and defines extensibility points within them:
7.1 Token Types
The following specifications (or sections thereof) are referred to in this
section of the Profile:
Web Services Security: X.509 Token
Profile defines 3 token types: X509v3; x509PKIPathv1; and PKCS7. This Profile
places the following constraints on their use:
7.1.1 Certificate Path
Interoperability issues may arise if
different forms of certificate path information are used when not expected.
X509PKIPathv1 is preferred because it allows more efficient certificate path
processing. PKCS7 is a more mature and widely implemented standard so it is also
allowed.
R5201 When
certificate path information is provided, a SENDER MUST provide one of the X509PKIPathv1 or
PKCS7 token types.
R5202 When
certificate path information is provided, a SENDER SHOULD provide the X509PKIPathv1 token
type.
R5203 When
certificate path information is provided, a RECEIVER MUST accept X509PKIPathv1 and PKCS7 token
types.
7.1.2 KeyIdentifier
R5206 When
the wsse:KeyIdentifier element is used within a SECURITY_TOKEN_REFERENCE to specify a reference to
an X.509 Certificate Token, the wsse:KeyIdentifier element MUST have ValueType
attribute with the value
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#X509SubjectKeyIdentifier
and its contents MUST be the value of the certificate's X.509
SubjectKeyIdentifier extension.
8. XML-Signature
Web Services Security: SOAP Message
Security builds on XML Signature, defining usage of various elements from XML
Signature and a processing model. This Profile places the constraints defined in
this section on the use of XML Signature with Web Services Security: SOAP
Message Security. This Profile places no constraints on other use of XML
Signature.
This section of the Profile incorporates the following specifications by
reference:
8.1 General Constraints on XML Signature
8.1.1 Types of Signatures
Due to the nature of the SOAP processing
model, which is based on recognising the elements that are children of
soap:Header and/or soap:Body, use of enveloping signatures, where the signed XML
is encapsulated in a ds:Signature element, is inappropriate. Enveloped
signatures, where the ds:Signature element is a descendant of the signed
element, limit the ability of intermediaries to process messages and should be
avoided unless said limitation is the desired effect.
R3102 A
SIGNATURE MUST NOT be an Enveloping
Signature as defined by the XML Signature specification.
R3103 A
SIGNATURE SHOULD be a Detached Signature as
defined by the XML Signature specification.
R3104 A
SIGNATURE SHOULD NOT be an Enveloped
Signature as defined by the XML Signature Specification.
Detached signatures are encouraged.
Enveloped signatures are discouraged. Enveloping signatures are not allowed.
For example,
INCORRECT:
<!-- This example is incorrect because it contains an enveloping signature around the SomeSecurityToken element -->
<ds:Signature Id='TheSig' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#' PrefixList='wsse soap' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' />
<ds:Reference URI='#SigPropBody'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#' PrefixList='' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>i3qi5GjhHnfoBn/jOjQp2mq0Na4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>oxNwoqGbzqg1YBliz+PProgcjw8=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<ds:Object>
<ds:SignatureProperties>
<ds:SignatureProperty Id='SigPropBody' Target='#TheSig'>
<SomeSecurityToken/>
</ds:SignatureProperty>
</ds:SignatureProperties>
</ds:Object>
</ds:Signature>
CORRECT:
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='wsse soap' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' />
<ds:Reference URI='#TheBody'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='soap wsu m' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>i3qi5GjhHnfoBn/jOjQp2mq0Na4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>PipXJ2Sfc+LTDnq4pM5JcIYt9gg=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
8.2 Element References in XML Signature
The following specifications (or sections thereof) are referred to in this
section of the Profile:
Element references are used to specify
which portions of a SECURE_ENVELOPE are integrity protected. This Profile places
the following constraints on the use of element references:
8.2.1 Reference to Elements
by Shorthand XPointer
R3001 When
a ds:Reference in a SIGNATURE refers to an
element that carries a wsu:Id attribute or a Local ID attribute defined by XML
Signature or XML Encryption, a Shorthand XPointer Reference MUST be used to
refer to that element.
R3003 When
a ds:Reference/@URI in a SIGNATURE is a
Shorthand XPointer Reference to an XML Signature element, the reference value
MUST be a Local ID defined by XML Signature.
R3004 When
a ds:Reference/@URI in a SIGNATURE is a
Shorthand XPointer Reference to an XML Encryption element, the reference value
MUST be a Local ID defined by XML Encryption.
R3005 When
a ds:Reference/@URI in a SIGNATURE is a
Shorthand XPointer Reference to an element not defined by XML Signature or XML
Encryption, the reference value SHOULD be a wsu:Id.
8.2.2 Reference to Elements by
XPath Expression
Elements that do not have an attribute of
type ID cannot be refered to by Shorthand XPointer References so a different
referencing mechanism is needed. The XPath Filter 2.0 transform is more
efficient than the original XPath transform from XML Digital Signature Syntax
and Processing.
R3002 When
referring to an element in a SECURE_ENVELOPE that does NOT carry an attribute of
type ID from a ds:Reference in a SIGNATURE
the XPath Filter 2.0 Transform (http://www.w3.org/2002/06/xmldsig-filter2) MUST
be used to refer to that element.
For example,
INCORRECT:
<!-- This example is incorrect because it uses the http://www.w3.org/TR/1999/REC-xpath-19991116 transform
to reference the Body which contains an ID attribute -->
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope' >
<soap:Header>
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='wsse soap wsu' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' />
<ds:Reference URI=''>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/TR/1999/REC-xpath-19991116'>
<ds:XPath>/soap:Envelope/soap:Body/*</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='soap wsu m' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>VEPKwzfPGOxh2OUpoK0bcl58jtU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>+diIuEyDpV7qxVoUOkb5rj61+Zs=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
wsu:Id='TheBody'>
<m:SomeElement xmlns:m='http://example.org/ws' />
</soap:Body>
</soap:Envelope>
CORRECT:
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope' >
<soap:Header>
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='wsse soap wsu' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' />
<ds:Reference URI=''>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2002/06/xmldsig-filter2'
xmlns:dsxp='http://www.w3.org/2002/06/xmldsig-filter2'>
<dsxp:XPath Filter='intersect'>/soap:Envelope/soap:Body/*</dsxp:XPath>
</ds:Transform>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='soap wsu m' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>VEPKwzfPGOxh2OUpoK0bcl58jtU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>+diIuEyDpV7qxVoUOkb5rj61+Zs=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
wsu:Id='TheBody'>
<m:SomeElement xmlns:m='http://example.org/ws' />
</soap:Body>
</soap:Envelope>
8.3 XML Signature Algorithms
8.3.1 Use Exclusive C14N
The use of Exclusive Canonicalization
with c14n:InclusiveNamespaces/@Prefix addresses problems with both Inclusive
Canonicalization and Exclusive Canonicalization without
c14n:InclusiveNamespaces/@Prefix.
R5404 Any
ds:CanonicalizationMethod/@Algorithm attribute in a SIGNATURE MUST have a value of
"http://www.w3.org/2001/10/xml-exc-c14n#" indicating that is uses Exclusive C14N
without comments for canonicalization.
R5406 Any
ds:CanonicalizationMethod element within a SIGNATURE that has an @Algorithm attribute whose
value is "http://www.w3.org/2001/10/xml-exc-c14n#" MUST have a
c14n:InclusiveNamespaces child element with an @PrefixList attribute.
R5407 Any
ds:Transform element within a SIGNATURE that
has an @Algorithm attribute whose value is
"http://www.w3.org/2001/10/xml-exc-c14n#" MUST have a c14n:InclusiveNamespaces
child element with an @PrefixList attribute.
R5405 Any
c14n:InclusiveNamespaces/@PrefixList attribute within a SIGNATURE MUST contain the prefix of all in-scope
namespaces for the element being signed and its descendants that are not visibly
utilized, per Exclusive XML Canonicalization Version 1.0.
R5408 Any
c14n:InclusiveNamespaces/@PrefixList attribute within a SIGNATURE MUST contain the string "#default" if a
default namespace is in-scope for the element being signed but is not visibly
utilized, per Exclusive XML Canonicalization Version 1.0.
For example,
INCORRECT:
<!-- This example is incorrect because it uses the http://www.w3.org/TR/2001/REC-xml-c14n-20010315
canonicalization algorithm -->
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315' />
INCORRECT:
<!-- This example is incorrect because the ds:CanonicalizationMethod elements are missing a c14n:InclusiveNamespaces child element -->
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" ' />
INCORRECT:
<!-- This example is incorrect because the PrefixList of the first c14n:InclusiveNamespaces element does not contain the
correct list of prefixes. It should contain the soap and wsu prefixes in addition to the wsse prefix. -->
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope' >
<soap:Header>
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='wsse' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' />
<ds:Reference URI='#TheBody'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='soap wsu m' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>VEPKwzfPGOxh2OUpoK0bcl58jtU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>+diIuEyDpV7qxVoUOkb5rj61+Zs=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
wsu:Id='TheBody'>
<m:SomeElement xmlns:m='http://example.org/ws' />
</soap:Body>
</soap:Envelope>
CORRECT:
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope' >
<soap:Header>
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='wsse soap wsu' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' />
<ds:Reference URI='#TheBody'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='soap wsu m' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>VEPKwzfPGOxh2OUpoK0bcl58jtU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>+diIuEyDpV7qxVoUOkb5rj61+Zs=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
wsu:Id='TheBody'>
<m:SomeElement xmlns:m='http://example.org/ws' />
</soap:Body>
</soap:Envelope>
Canonicalization is critical to ensuring
signatures are processed correctly, thus each ds:Reference will need at least
one ds:Transform to specify the Exclusive C14N Canonicalization transform or a
transform which itself incorporates Exclusive C14N Canonicalization.
R5410 Any
ds:Reference element in a SIGNATURE MUST
have a ds:Transforms child element.
R5411 Any
ds:Transforms element in a SIGNATURE MUST
have at least one ds:Transform child element.
R5412 Any
ds:Transforms element in a SIGNATURE MUST
have as its last child a ds:Transform element which specifies Exclusive C14N
Canonicalization as its output.
For example,
INCORRECT:
<!-- This example is incorrect because the ds:Reference element does not have a ds:Transforms child element -->
<ds:Reference URI='#TheBody'>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>VEPKwzfPGOxh2OUpoK0bcl58jtU=</ds:DigestValue>
</ds:Reference>
CORRECT:
<ds:Reference URI='#TheBody'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>+VTJraRYFT3pl7Z4uAWhmr5+bf4=</ds:DigestValue>
</ds:Reference>
8.3.3 Permitted algorithms
These algorithms are chosen for their
cryptographic strength, utility or because they address some security concern.
R5420 Any
ds:DigestMethod/@Algorithm element in a SIGNATURE MUST have the value
"http://www.w3.org/2000/09/xmldsig#sha1"
R5421 Any
ds:SignatureMethod/@Algorithm element in a SIGNATURE based on a symmetric key MUST have the
value "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
R5422 Any
ds:SignatureMethod/@Algorithm element in a SIGNATURE based on an asymmetric key MUST have the
value "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
R5423 Any
ds:Transform/@Algorithm attribute in a SIGNATURE MUST have a value of
"http://www.w3.org/2001/10/xml-exc-c14n#" or
"http://www.w3.org/2002/06/xmldsig-filter2" or
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"
or "http://www.w3.org/2000/09/xmldsig#enveloped-signature" or
"http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"
or
"http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Complete-Transform"
For example,
CORRECT:
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope' >
<soap:Header>
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<xenc:EncryptedKey xmlns:xenc='http://www.w3.org/2001/04/xmlenc#' >
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='wsse soap' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#hmac-sha1' />
<ds:Reference URI='#TheBody'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>+VTJraRYFT3pl7Z4uAWhmr5+bf4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>+diIuEyDpV7qxVoUOkb5rj61+Zs=</ds:SignatureValue>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
wsu:Id='TheBody'>
<m:SomeElement xmlns:m='http://example.org/ws' />
</soap:Body>
</soap:Envelope>
CORRECT:
<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope' >
<soap:Header>
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='wsse soap' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' />
<ds:Reference URI='#TheBody'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>+VTJraRYFT3pl7Z4uAWhmr5+bf4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>+diIuEyDpV7qxVoUOkb5rj61+Zs=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
wsu:Id='TheBody'>
<m:SomeElement xmlns:m='http://example.org/ws' />
</soap:Body>
</soap:Envelope>
Editors' note:Update the SwA Profile URIs when
final.
8.4 XML Signature Syntax
XML-Signature Syntax and Processing
defines many elements and attributes. This Profile places the following
constraints on the syntax of signatures:
8.4.1 ds:HMACOutputLength
The ds:HMACOutputLength provides an input
parameter to the HMAC-SHA1 algorithm specifying how many bits of the output to
use. Disallowing use of this element results in ALL the bits of the output being
used.
R5401 The
ds:HMACOutputLength element MUST NOT appear in a SIGNATURE.
For example,
INCORRECT:
<!-- This example is incorrect because the ds:SignatureMethod element has a ds:HMACOutputLength child element -->
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#hmac-sha1'>
<ds:HMACOutputLength>128</ds:HMACOutputLength>
</ds:SignatureMethod>
CORRECT:
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#hmac-sha1' />
8.4.2 ds:KeyInfo
The ds:KeyInfo element allows for many
different child elements. This profile mandates a single element and restricts
the list to wsse:SecurityTokenReference, which is needed to reference security
tokens, and ds:MgmtData, which is needed to include inline unencrypted key info.
The latter would only be used when tranmission occurs over a secure transport.
R5402 A
ds:KeyInfo element in a SIGNATURE MUST have
exactly one child element.
R5424 A
ds:KeyInfo element in an ENCRYPTED_KEY MUST
have exactly one child element.
R5425 A
ds:KeyInfo element in an ENCRYPTED_DATA MUST
have exactly one child element.
R5409 The
child element of a ds:KeyInfo element in a SIGNATURE MUST be either a
SECURITY_TOKEN_REFERENCE or a ds:MgmtData element.
R5426 The
child element of a ds:KeyInfo element in an ENCRYPTED_KEY MUST be either a
SECURITY_TOKEN_REFERENCE or a ds:MgmtData element.
R5427 The
child element of a ds:KeyInfo element in an ENCRYPTED_DATA MUST be either a
SECURITY_TOKEN_REFERENCE or a ds:MgmtData element.
R5428 The
child element of a ds:KeyInfo element in a SIGNATURE MUST be a SECURITY_TOKEN_REFERENCE if
the ds:KeyInfo refers to a SECURITY_TOKEN.
R5429 The
child element of a ds:KeyInfo element in a ENCRYPTED_KEY MUST be a SECURITY_TOKEN_REFERENCE
if the ds:KeyInfo refers to a SECURITY_TOKEN.
R5430 The
child element of a ds:KeyInfo element in a ENCRYPTED_DATA MUST be a SECURITY_TOKEN_REFERENCE
if the ds:KeyInfo refers to a SECURITY_TOKEN.
For example,
CORRECT:
<ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
CORRECT:
<ds:KeyInfo>
<ds:MgmtData>eMtKYL5PbZ59pu/zKtFkwQod0kA=</ds:MgmtData>
</ds:KeyInfo>
8.4.3 ds:Manifest
The ds:Manifest element is designed for
specific application level use cases that do not apply to the use of XML
Signature in SOAP Message Security.
R5403 A
SIGNATURE MUST NOT contain a ds:Manifest
element.
For example,
INCORRECT:
<!-- This example is incorrect because the ds:Signature element has a ds:Manifest grandchild element -->
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#" '>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='wsse soap' />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' />
<ds:Reference URI='#TheManifest'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>OVuYKGY6KCGB0l0XHS3krj8vjek=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>L7X0Zw23/zYQnX4+Z+p0gCygKQ0=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<ds:Object>
<ds:Manifest Id='TheManifest'>
<ds:Reference URI='#TheBody'>
<ds:Transforms>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'>
<c14n:InclusiveNamespaces xmlns:c14n='http://www.w3.org/2001/10/xml-exc-c14n#'
PrefixList='' />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' />
<ds:DigestValue>+VTJraRYFT3pl7Z4uAWhmr5+bf4=</ds:DigestValue>
</ds:Reference>
</ds:Manifest>
</ds:Object>
</ds:Signature>
8.5 Security Considerations
8.5.1 Sign Security Token
C5440 When
the signer's SECURITY_TOKEN is an INTERNAL_SECURITY_TOKEN, the SIGNATURE SHOULD include a ds:Reference the refers
to the signer's SECURITY_TOKEN in order to prevent substitution with another
SECURITY_TOKEN that uses the same key. C
C5441 When
the signer's SECURITY_TOKEN is an EXTERNAL_SECURITY_TOKEN, the SIGNATURE SHOULD include a ds:Reference that
refers to the SECURITY_TOKEN_REFERENCE that refers to the signer's
SECURITY_TOKEN using the Security Token Dereferencing Transform in order to
prevent substitution of another SECURITY_TOKEN that uses the same key. C
9. XML Encryption
Web Services Security: SOAP Message
Security builds on XML Encryption, defining usage of various elements from XML
Encryption and a processing model. This Profile places the constraints defined
in this section on the use of XML Encryption with Web Services Security: SOAP
Message Security. This Profile places no constraints on other use of XML
Encryption.
This section of the Profile incorporates the following specifications by
reference, and defines extensibility points within them:
9.1 XML Encryption Processing Model
9.1.1 xenc:ReferenceList
Some encryption steps might not produce
an xenc:ReferenceList. For those that do produce an xenc:ReferenceList, there
must be a separate xenc:ReferenceList for each such encryption step. When there
is a xenc:ReferenceList either as a child of wsse:Security or as a child of
xenc:EncryptedKey it must list all the corresponding xenc:EncryptedData elements
by using xenc:DataReference elements.
R3205 Each
ENCRYPTION_REFERENCE_LIST produced as part
of an encryption step MUST use a single key.
R3215 An
ENCRYPTION_REFERENCE_LIST MUST contain an
xenc:DataReference element for each ENCRYPTED_DATA produced in the associated
encryption step.
R3214 An
ENCRYPTED_KEY_REFERENCE_LIST MUST contain a
xenc:DataReference for each ENCRYPTED_DATA produced in the associated encryption
step.
9.1.2 xenc:EncryptedKey
To facilitate ease of processing, keys
are required to appear inside wsse:Security headers and to appear before they
are required for decryption of elements inside a wsse:Security header.
R3208 An
ENCRYPTED_KEY MUST precede any
ENCRYPTED_DATA referenced by the associated ENCRYPTED_KEY_REFERENCE_LIST.
For example,
INCORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<xenc:EncryptedData Id='Enc1'>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc' />
<xenc:CipherData>
<xenc:CipherValue>
9jFtYcLSlDZQBMjKfT7ctg6Jy+6sC8YORhiPeTvOjug7ozY2SRHGuLt8G/vf2f/f4IdF0ewiDOpq...
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
<xenc:ReferenceList>
<xenc:DataReference URI='#Enc1' />
</xenc:ReferenceList>
</xenc:CipherData>
</xenc:EncryptedKey>
</wsse:Security>
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI='#Enc1' />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedData Id='Enc1'>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc' />
<xenc:CipherData>
<xenc:CipherValue>
9jFtYcLSlDZQBMjKfT7ctg6Jy+6sC8YORhiPeTvOjug7ozY2SRHGuLt8G/vf2f/f4IdF0ewiDOpq...
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
9.2 XML Encryption Syntax
The following specifications (or sections thereof) are referred to in this
section of the Profile:
XML Encryption Syntax and Processing
defines many elements and attributes. This Profile places the following
constraints on their use:
9.2.1 Placement
R3216 Any
ENCRYPTED_KEY that is used in an encryption
step MUST contain a ENCRYPTED_KEY_REFERENCE_LIST.
For example,
INCORRECT:
<!-- This example is incorrect because the xenc:EncryptedKey element is missing an xenc:ReferenceList child element -->
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<xenc:ReferenceList>
<xenc:DataReference URI='#Enc1' />
</xenc:ReferenceList>
<xenc:EncryptedData Id='Enc1'>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc' />
<xenc:CipherData>
<xenc:CipherValue>
9jFtYcLSlDZQBMjKfT7ctg6Jy+6sC8YORhiPeTvOjug7ozY2SRHGuLt8G/vf2f/f4IdF0ewiDOpq...
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI='#Enc1' />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedData Id='Enc1'>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc' />
<xenc:CipherData>
<xenc:CipherValue>
9jFtYcLSlDZQBMjKfT7ctg6Jy+6sC8YORhiPeTvOjug7ozY2SRHGuLt8G/vf2f/f4IdF0ewiDOpq...
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
9.2.2 xenc:EncryptedKey attributes
R3209 Any
ENCRYPTED_KEY MUST NOT specify a Type
attribute.
R5622 Any
ENCRYPTED_KEY MUST NOT specify a MimeType
attribute.
R5623 Any
ENCRYPTED_KEY MUST NOT specify a Encoding
attribute.
9.2.3 xenc:EncryptedData attributes
R5624 Any
ENCRYPTED_DATA MUST have an Id attribute.
9.2.4 References from
xenc:EncryptedData
R3211 Any
SECURITY_TOKEN_REFERENCE inside an ENCRYPTED_DATA MUST NOT reference a ds:KeyInfo
element.
9.2.5 xenc:EncryptionMethod
mandatory
R5601 Any
ENCRYPTED_DATA MUST have an
xenc:EncryptionMethod child element.
R5603 Any
ENCRYPTED_KEY MUST have an
xenc:EncryptionMethod child element.
For example,
INCORRECT:
<!-- This example is incorrect because the xenc:EncryptedKey element is missing an xenc:EncryptionMethod child element -->
<xenc:EncryptedKey>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI='#Enc1' />
</xenc:ReferenceList>
</xenc:EncryptedKey>
INCORRECT:
<!-- This example is incorrect because the xenc:EncryptedData element is missing an xenc:EncryptionMethod child element -->
<xenc:EncryptedData Id='Enc1'>
<xenc:CipherData>
<xenc:CipherValue>
9jFtYcLSlDZQBMjKfT7ctg6Jy+6sC8YORhiPeTvOjug7ozY2SRHGuLt8G/vf2f/f4IdF0ewiDOpq...
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
CORRECT:
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
<wsse:BinarySecurityToken wsu:Id='SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
lui+Jy4WYKGJW5xM3aHnLxOpGVIpzSg4V486hHFe7sHET/uxxVBovT7JV1A2RnWSWkXm9jAEdsm/...
</wsse:BinarySecurityToken>
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI='#Enc1' />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedData Id='Enc1'>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc' />
<xenc:CipherData>
<xenc:CipherValue>
9jFtYcLSlDZQBMjKfT7ctg6Jy+6sC8YORhiPeTvOjug7ozY2SRHGuLt8G/vf2f/f4IdF0ewiDOpq...
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
9.2.6 xenc:EncryptedKey/@Recipient
R5602 Any
ENCRYPTED_KEY MUST NOT contain a Recipient
attribute.
For example,
INCORRECT:
<!-- This example is incorrect because the xenc:EncryptedKey element has a Recipient attribute -->
<xenc:EncryptedKey Recipient='Bert'>
<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' />
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI='#SomeCert'
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
XZEEVABD3L9G+VNTCDiDTE7WB1a4kILtz5f9FT747eE=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI='#Enc1' />
</xenc:ReferenceList>
</xenc:EncryptedKey>
9.2.7
ds:KeyInfo/xenc:AgreementMethod prohibited
R5604 Any
ds:KeyInfo elements in a ENCRYPTED_KEY MUST
NOT have an xenc:AgreementMethod child element.
R5605 Any
ds:KeyInfo elements in a ENCRYPTED_DATA MUST
NOT have an xenc:AgreementMethod child element.
9.2.8 xenc:EncryptedData
R5606
Within a SECURE_ENVELOPE, encrypted element
or element content encrypted as a result of an encryption step MUST be replaced
by a corresponding ENCRYPTED_DATA.
9.2.9 SOAP Envelope
R5607 When
encryption is used, the SECURE_ENVELOPE MUST
still be a valid SOAP Envelope. Specifically, the Envelope, Header, or Body
elements MUST NOT be encrypted.
9.3 Element References in XML
Encryption
9.3.1 Reference to Elements
by Shorthand XPointer
R5608 When
referring from an xenc:DataReference or xenc:KeyReference in an ENCRYPTION_REFERENCE_LIST to an element that
carries a wsu:Id attribute or a Local ID attribute defined by either XML
Signature or XML Encryption, a Shorthand XPointer Reference MUST be used to
refer to that element.
R5613 When
referring from a an xenc:DataReference or xenc:KeyReference in an ENCRYPTED_KEY_REFERENCE_LIST to an element that
carries a wsu:Id attribute or a Local ID attribute defined by either XML
Signature or XML Encryption, a Shorthand XPointer Reference MUST be used to
refer to that element.
R3006 When
a xenc:DataReference/@URI or xenc:KeyReference/@URI in a ENCRYPTION_REFERENCE_LIST is a Shorthand XPointer
Reference to an XML Signature element, the reference value MUST be a Local ID
defined by XML Signature.
R3007 When
a xenc:DataReference/@URI or xenc:KeyReference in a ENCRYPTED_KEY_REFERENCE_LIST is a Shorthand
XPointer Reference to an XML Signature element, the reference value MUST be a
Local ID defined by XML Signature.
R5609 When
an xenc:DataReference/@URI or xenc:KeyReference/@URI in an ENCRYPTION_REFERENCE_LIST is a Shorthand XPointer
Reference to an XML Encryption element, the reference value MUST be a Local ID
defined by XML Encryption.
R5610 When
an xenc:DataReference/@URI or xenc:KeyReference/@URI in an ENCRYPTED_KEY_REFERENCE_LIST is a Shorthand
XPointer Reference to an XML Encryption element, the reference value MUST be a
Local ID defined by XML Encryption.
R5611 When
an xenc:DataReference/@URI or xenc:KeyReference/@URI in an ENCRYPTION_REFERENCE_LIST is a Shorthand XPointer
Reference to an element not defined by XML Signature or XML Encryption, the
reference value SHOULD be a wsu:Id.
R5612 When
an xenc:DataReference/@URI or xenc:KeyReference/@URI in an ENCRYPTED_KEY_REFERENCE_LIST is a Shorthand
XPointer Reference to an element not defined by XML Signature or XML Encryption,
the reference value SHOULD be a wsu:Id.
9.4 XML Encryption Algorithms
9.4.1 Permitted Algorithms
R5620 Any
xenc:EncryptionMethod/@Algorithm attribute in an ENCRYPTED_DATA MUST have a value of
"http://www.w3.org/2001/04/xmlenc#tripledes-cbc",
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" or
"http://www.w3.org/2001/04/xmlenc#aes256-cbc"
R5621 When
used for Key Transport, any xenc:EncryptionMethod/@Algorithm attribute in an
ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5" or
"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
R5625 When
used for Key Wrap, any xenc:EncryptionMethod/@Algorithm attribute in an ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#kw-tripledes",
"http://www.w3.org/2001/04/xmlenc#kw-aes128", or
"http://www.w3.org/2001/04/xmlenc#kw-aes256"
9.5 Security Considerations
9.5.1 Encrypt DigestValue
C5630 A
SIGNATURE computed over data that is
subsequently encrypted SHOULD also be encrypted in order to prevent plaintext
guessing attacks when the probable set of data values is small.
10. Algorithms
This section provides guidance, and in
some cases requirements, concerning the use of various categories of
algorithms.
10.1 Transport Level Security Algorithms
In SSL and TLS, choices of algorithms are
expressed as ciphersuites. The following subsections specify ciphersuites that
are required, recommended, discouraged and prohibited, respectively. The use of
any other ciphersuite not discussed below is optional.
10.1.1 Mandatory ciphersuites
R5701 A
TLS-capable INSTANCE that is not FIPS
compliant MUST support TLS_RSA_WITH_3DES_EDE_CBC_SHA
R5702 A
SSL-capable INSTANCE that is not FIPS
compliant MUST support SSL_RSA_WITH_3DES_EDE_CBC_SHA
R5703 A
TLS-capable INSTANCE that is FIPS compliant
MUST support TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
R5704 A
SSL-capable INSTANCE that is FIPS compliant
MUST support SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
10.1.2 Recommended ciphersuites
As the AES encryption algorithm is
intended to supercede the 3DES algorithm, it is recommended that TLS-capable
implementations implement TLS_RSA_WITH_AES_128_CBC_SHA or the FIPS equivalent,
and SSL-capable implementations implement SSL_RSA_WITH_AES_128_CBC_SHA or the
FIPS equivalent.
10.1.3 Discouraged ciphersuites
The ciphersuites defined in the SSL and
TLS specifications that use anonymous Diffie-Helman ( i.e. those that have
DH_anon in their symbolic name ) are vulnerable to man-in-the-middle attacks. It
is recommended that such ciphersuites be avoided.
This profile recommends against the use
of the following ciphersuites due to their lack of confidentiality services:
- SSL_RSA_WITH_NULL_SHA
- TLS_RSA_WITH_NULL_SHA
- SSL_RSA_WITH_NULL_MD5
- TLS_RSA_WITH_NULL_MD5
It is also recommended that ciphersuites
that use 40 or 56 bit keys be avoided, due to their relative ease of compromise
through brute-force attack.
10.1.4 Prohibited ciphersuites
This profile does not prohibit the use of
any transport layer security ciphersuites, but careful thought should be given
prior to the use of any ciphersuites discussed under "Discouraged ciphersuites".
11. Relationship of Basic Security Profile as an
Extension to Basic Profile
The Basic Security Profile is an
extension profile to the Basic Profile. This means it is consistent with the
Basic Profile but profiles additional functionality - how to add conformant
security features to the basic profile when needed.
As an extension of the Basic Profile, the
Basic Security Profile is designed to support the addition of security
functionality to SOAP messaging, in an interoperable manner. One example of such
functionality is the confidentiality of selected SOAP header blocks and SOAP
body elements through the use of OASIS Web Services Security encryption. The
intent of such techniques is to change the nature of the SOAP message so that
unintended parties cannot read such content. This means that the secured SOAP
message is no longer obviously related to the original WSDL description, and is
not intelligible without decryption. Other security mechanisms such as
signatures may also modify the content of SOAP envelopes.
The Basic Profile includes requirements
on the content of SOAP envelopes (or in BP 1.0 the format of SOAP messages).
Testing conformance to these statements by using a "man-in-the-middle"
interceptor as outlined in the WS-I Monitor Tool Functional Specification will
not be possible if encryption has been applied to portions of the SOAP envelope
and have not yet been decrypted. Even if interception is possible, some messages
may have a different structure due to security.
Such SOAP messages still conform to the
Basic Profile, since conformance to the Basic Profile means conformance once a
receiver has reversed security changes introduced by a message sender. This is
not obvious in some Basic Profile requirements, so this document further
clarifies these requirements in the normative "Basic Profile Clarifications"
section below.
It is helpful to visualize a SOAP message
in light of a protocol layering model, such as the ISO seven layer protocol
model [ Tanenbaum ]. This model shows how a protocol is in fact composed of
different layers, and how to a given layer underlying layers are transparent.
The implementation of a given protocol layer at an endpoint may be modeled as
that implementation consuming a service of the underlying protocol layer, and
providing a service to the layer above it. In this model no protocol layer need
be aware of layers above or below it, making the layer implementations
independent. This is illustrated in Figure 1.
_files/soap-stack-drawing.png)
Figure 1: Protocol Stack with SOAP
Message Security
Traditionally, protocol layers have been
distinguished by the use of protocol enveloping, where the message at one layer
is conveyed as the body in the next lower layer. The sender passes a message to
the lower level protocol implementation that packages it in a protocol envelope
and sends it to the corresponding layer in the receiver. The sender and receiver
at this lower layer perform whatever processing is necessary for delivery
according to the specification of that layer, and finally the receiver passes
the message up to the peer of the sender.
SOAP Security may be viewed as a lower
layer with respect to the more general SOAP web services application layer. Thus
a SOAP sender may pass a SOAP message to a lower layer SOAP security
implementation that applies encryption (for example), and sends the message to
the destination SOAP Security layer, which removes the encryption before passing
the message up to the peer SOAP web services application layer.
Thus a Basic Profile interceptor and
compliance monitoring activity should logically occur at a receiver at the
interface between the SOAP security implementation and SOAP web services
application layer.
This section of the Profile incorporates the following specifications by
reference:
11.1 Basic Profile Clarifications
This section clarifies the BP1.0
(including Errata), BP1.1, SSBP1.0, and AP1.0 statements that might be unclear
when SOAP Message Security is applied in compliance with the Basic Security
Profile.
This section lists each possibly
confusing BP1.0, BP1.1, SSBP1.0, and AP1.0 requirement and an associated
statement to clarify that requirement in the context of the basic security
profile.
When these clarifying statements include
the phrase "reverse SOAP Message Security" it means to remove various impacts of
applying SOAP Message Security that may have been applied since the MESSAGE
(BP1.0) or ENVELOPE (BP 1.1) was originally created for that recipient according
to the BP. This may mean decrypting relevant portions of the XML or removing XML
Signature elements or making other reverse transformations as appropriate to the
aspects of SOAP Message Security that were applied in the specific circumstance.
Not all security must be reversed, only
that for the intended recipient, as applied to the BP compliant envelope before
sent to that recipient.
11.1.1 BP Requirement R2301
bp10:R2301 states "The order of the
elements in the soap:body of a MESSAGE MUST be the same as that of the
wsdl:parts in the wsdl:message that describes it."
bp11:R2301 states "The order of the
elements in the soap:body of an ENVELOPE MUST be the same as that of the
wsdl:parts in the wsdl:message that describes it."
R5800
bp10:R2301 MUST be true after any SOAP Message Security has been reversed for
the MESSAGE
R5801
bp11:R2301 MUST be true after any SOAP Message Security has been reversed for
the ENVELOPE
11.1.2 BP Requirement R2710
bp10:R2710 states "The operations in a
wsdl:binding in a DESCRIPTION MUST result in operation signatures that are
different from one another."
bp11:R2710 states "The operations in a
wsdl:binding in a DESCRIPTION MUST result in operation signatures that are
different from one another."
R5802
bp10:R2710 MUST be true after SOAP Message Security processing has been reversed
for the MESSAGE
R5803
bp11:R2710 MUST be true after SOAP Message Security processing has been reversed
for the ENVELOPE
11.1.3 BP Requirement R2712
bp10:R2712 states "A document-literal
binding MUST be serialized as a MESSAGE with a soap:Body whose child element is
an instance of the global element declaration referenced by the corresponding
wsdl:message part."
bp11:R2712 states "A document-literal
binding MUST be serialized as an ENVELOPE with a soap:Body whose child element
is an instance of the global element declaration referenced by the corresponding
wsdl:message part."
R5804
bp10:R2712 MUST be true after any SOAP Message Security has been reversed for
the MESSAGE
R5805
bp11:R2712 MUST be true after any SOAP Message Security has been reversed for
the ENVELOPE
11.1.4 BP Requirement R2724
bp10:R2724 states "If an INSTANCE
receives a message that is inconsistent with its WSDL description, it SHOULD
generate a soap:Fault with a faultcode of 'Client', unless a 'MustUnderstand' or
'VersionMismatch' fault is generated."
bp11:R2724 states "If an INSTANCE
receives an envelope that is inconsistent with its WSDL description, it SHOULD
generate a soap:Fault with a faultcode of 'Client', unless a 'MustUnderstand' or
'VersionMismatch' fault is generated."
R5806 For
bp10:R2724 "Inconsistent" MUST be taken to mean "Inconsistent after SOAP Message
security has been reversed", for the MESSAGE
R5807 For
bp11:R2724 "Inconsistent" MUST be taken to mean "Inconsistent after SOAP Message
security has been reversed", for the ENVELOPE
11.1.5 BP Requirement R2725
bp10:R2725 states "If an INSTANCE
receives a message that is inconsistent with its WSDL description, it MUST check
for "VersionMismatch", "MustUnderstand" and "Client" fault conditions in that
order."
bp11:R2725 states "If an INSTANCE
receives an envelope that is inconsistent with its WSDL description, it MUST
check for "VersionMismatch", "MustUnderstand" and "Client" fault conditions in
that order."
R5808 With
respect to bp10:R2725 the INSTANCE must
check for consistency of the MESSAGE per BP 1.0 after reversing SOAP Message
Security.
R5809 With
respect to bp11:R2725 the INSTANCE must
check for consistency of the ENVELOPE per BP 1.1 after reversing SOAP Message
Security.
11.1.6 BP Requirement R2729
bp10:R2729 states "A MESSAGE described
with an rpc-literal binding that is a response message MUST have a wrapper
element whose name is the corresponding wsdl:operation name suffixed with the
string 'Response'."
bp11:R2729 states "An ENVELOPE described
with an rpc-literal binding that is a response MUST have a wrapper element whose
name is the corresponding wsdl:operation name suffixed with the string
'Response'."
R5810 With
respect to bp10:R2729 the verification of the wrapper element name of the MESSAGE must be performed after reversing SOAP
Message Security.
R5811 With
respect to bp11:R2729 the verification of the wrapper element name of the ENVELOPE must be performed after reversing SOAP
Message Security.
11.1.7 BP Requirement R2738
bp10:R2738 states "A MESSAGE MUST include
all soapbind:headers specified on a wsdl:input or wsdl:output of a
wsdl:operation of a wsdl:binding that describes it.
bp11:R2738 states "An ENVELOPE MUST
include all soapbind:headers specified on a wsdl:input or wsdl:output of a
wsdl:operation of a wsdl:binding that describes it."
R5812 With
respect to bp10:R2738 verification of a MESSAGE must occur after SOAP Message Security has
been reversed.
R5813 With
respect to bp11:R2738 verification of an ENVELOPE must occur after SOAP Message Security
has been reversed.
11.1.8 BP Requirement R1029
This clarifies the Basic Profile's R1029
to reflect the fact that transmission of security related faults may increase
the vulnerablility to certain attacks and in some cases faults should not be
transmitted.
R5814 Where
the normal outcome of processing a SECURE_ENVELOPE would have resulted in the
transmission of a SOAP Response, but rather a fault is generated instead, a
RECEIVER MAY transmit a fault or silently
discard the message.
12. Attachment Security
This section of the Profile incorporates the following specifications by
reference:
The section provides guidance for
protecting attachments when they are used with SOAP Messages. As is explained in
Section 3 Conformance all features described in this Profile, including support
for attachments and security for attachments in any form by any instance is not
required.
SSL/TLS may be used to provide
authentication, integrity and confidentiality protection, on a hop-by-hop basis,
for an entire HTTP Message. This includes HTTP Headers, the SOAP Envelope, and
all MIME Parts including MIME Headers.
SSL/TLS does not provide protection,
except between adjacent HTTP Nodes, for HTTP Messages when the SOAP Message Path
contains SOAP Intermediaries. An instance should not use SSL/TLS without WSS
with Message Exchange Patterns (MEPs) that may contain SOAP intermediaries or
when these security functions are required to be performed independently of the
connection.
WSS may be used to provide
authentication, integrity and confidentiality protection for a subset of the
SOAP Message and associated attachments.WSS provides protection for SOAP
Messages and attachments when the SOAP Message Path contains SOAP
Intermediaries. An instance should use WSS with MEPs that may contain SOAP
Intermediaries or when these security functions are required to be performed
independently of the transport layer connection.
An instance may use SSL/TLS in
conjunction with WSS if warranted by application security requirements. This
combination provides integrity and confidentiality protection for the entire
HTTP Message (on a hop-by-hop basis) including HTTP Headers, SOAP Envelope, and
all MIME Parts including MIME Headers.
Application level security mechanisms,
including XML Signature, XML Encryption, PKCS#7, S/MIME, etc. for attachment
data may also be used by a instance where appropriate, but statements regarding
the interoperability of such mechanisms are out of scope for this Profile.
Attachment security conformance claim
URIs (as defined in 12.1) constitute an extensibility point of the Basic
Security Profile. Profiles for other mechanisms for dealing with attachments and
attachment security MUST define a URI for claiming conformance.
This Profile describes one attachment
security mechanism and URI.
12.1 SOAP with Attachments
The following specifications (or sections thereof) are referred to in this
section of the Profile:
R6000
Conformance to this section of the profile MUST be indicated by placing a
ConformanceClaim element on the wsdl:port or wsdl:binding (per BP 1.0 Section
3.3) in the WSDL DESCRIPTION of the service
with the following URI: http://ws-i.org/profiles/basic-security/swa/1.0.
R6001 The
SECURE_MESSAGE MUST conform to Attachments
Profile 1.0.
12.1.2 Scope
R6002 A
signed and/or encrypted MIME Part in a SECURE_MESSAGE MUST be at the same MIME level as
the root MIME Part containing the SECURE_ENVELOPE.
R6003 A
Root MIME Part of a SECURE_MESSAGE MUST NOT
be signed or encrypted.
12.2 Signed Attachments
12.2.1 Reference
R6100 A
signed MIME Part MUST be referenced from within the SECURE_ENVELOPE using a ds:Signature//ds:Reference
element with a URI attribute of the "cid:partToBeSigned".
R6101 A
ds:Reference within a SECURE_ENVELOPE to a
signed MIME Part MUST use a MIME Part Reference Transform designated by the URI
"...#Attachment-Content-Only-Transform" or "...#Attachment-Complete-Transform".
This MIME Part Reference Transform and URI will be specified before the final
version of this Profile is released. The anticipated venue to define this
Transform is the OASIS WSS TC.
R6102 XML
canonicalization MUST NOT be applied when signing MIME Parts in a SECURE_MESSAGE containing XML.
R6104
Signed non-XML MIME Parts in a SECURE_MESSAGE MUST be MIME canonicalized
according to the requirements of the MIME Type.
R6105
Signed XML MIME Parts in a SECURE_MESSAGE
(other than the Root MIME Part containing the Primary SOAP Envelope) MUST be
MIME canonicalized according to the requirements of the "text" MIME Type.
R6106 When
using the "...#Attachment-Complete-Transform" the MIME Part in a SECURE_MESSAGE MUST have a Content-Type header.
12.3 Encrypted Attachments
12.3.1 Reference
R6201 An
encrypted MIME Part in a SECURE_MESSAGE MUST
be referenced using an ENCRYPTED_DATA in the SECURE_ENVELOPE with a Type
attribute with the value "...#Attachment-Content-Only" or
"...#Attachment-Complete".
R6202 The
ENCRYPTED_DATA element in a SECURE_ENVELOPE
that references an encrypted MIME Part in a SECURE_MESSAGE MUST contain a
xenc:CipherData/xenc:CipherReference element with a URI attribute having the
same URI as the original MIME Part.
12.3.2 Content
R6203 The
content of an MIME Part in a SECURE_MESSAGE
encrypted using WSS MUST be replaced by the result of encrypting the content of
the MIME Part.
13. Security Considerations
This section lists a number of security
considerations that should be taken into account when using one or more of the
technologies discussed in this profile.
- SOAPAction Header
- The use of the SOAPAction header in
situations where the message content is being integrity or confidentiality
protected can result in security risks when the transport layer does not
provide the same protection to the SOAPAction header. The most obvious risk is
that the SOAPAction header can potentially expose sensitive information about
a SOAP message such as the URI of the service, or the context of the
transaction that is taking place. Another, more subtle risk occurs in a
situation where message routing is done based on the value of the SOAPAction
header. By modifying the value, an attacker could cause the message to be
directed to a different receiver. This could potentially defeat a replay
detection mechanism that was based on the assumption that the message would
always be routed to the same place. There is also the additional risk where
some processing is performed by an intermediary based on the SOAPAction value.
Changing the value of the SOAPAction may cause incorrect processing by the
intermediary. This is especially important when the intermediary is performing
security processing.
- Clock Synchronization
- The specifications covered by this
profile use time-based mechanisms to prevent replay attacks. These mechanisms
will be ineffective unless the system clocks of the various network nodes are
synchronized. Since the technology to perform distributed clock
synchronization are well known and widely available and are not among the
technologies being profiled here, this document does not specify how clock
synchronization should be done. However, the recommendation of the use of
time-based security mechanisms implies that synchronization is being done.
- Key Identifiers and Token Substitution
- If a message is signed using a
Security Token that binds a public verification key with other claims, and
specific processing is performed based on those claims, then in order to
protect against post-signature substitution of the Security Token with one
that binds the same key to different claims, Security Token itself should be
part of the signature computation. This can be acheived by putting a child
ds:Reference element whose URI attribute contains a shorthand XPointer
reference to the wsse:SecurityTokenReference that specifies the Security Token
into the ds:SignedInfo element of a signature.
- Binding Security Tokens to Signatures
- If a ds:SignedInfo contains one or
more ds:Reference children whose URI attribute contains a shorthand XPointer
reference to a wsse:SecurityTokenReference that uses a potentially ambiguous
mechanism to refer to the Security Token (e.g. KeyIdentifier), then in order
to protect against post-signature substitution of the Security Token with one
that binds the same key to different claims, it is recommended that at least
one ds:Reference use the wsse:SecurityTokenReference deferencing transform.
Other references to the wsse:SecurityTokenReference that do not use the
wsse:SecurityTokenReference dereferencing transform may also appear.
- Uniqueness of ID attributes
- XML 1.0 requires that all attributes
of type ID in a given XML document have unique values, but only validating XML
processors have such type information. As various aspects of SOAP Message
Security use ID based references it is recommended that applications ensure
that ID attributes are unique by some mechanism.
- Encryption Key Substitution
- When a key is provided in band within
a Token or otherwise for the purpose of specifying a key to be used by another
node for encrypting information to be sent in a future message, it is
recommended that the sender of the key cryptographicaly bind the key to the
message in which it is transmitted. This can be done either by using the key
to perform a Signature or HMAC over critical elements of the message body or
by including the key under a signature covering critical elements of the
message body which uses some other key. If a key is sent in a message which
the receiver is expected to use to encrypt data in some future message, there
is a risk that an attacker could substitute some other key and thereby be able
to read unauthorized data. This is true even if the key is contained in a
signed certificate, but is not bound to the current message in some way. If
the future encryption key is used to sign the initial request, by verifying
the signature, the receiver can determine that the key is the one that was
intended.
- Signing Security Tokens
- In general, tokens contain claims made
by an authority, usually about some system entity. Obviously a party relying
on these claims must trust that authority to make them. The relying party must
generally verify these claims. The method of doing this depends on the token
type and is specified by the corresponding token profile.
- Signing Username Tokens
- When a wsse:UsernameToken contains
only a wsse:Username and wsse:PasswordText and is simply presented for
Authentication where replay is not a concern, it does not need to be signed
because the act of checking it against a stored value has the effect of
verifying it. When a wsse:Nonce and/or wsu:Created are used with the
wsse:Username and wsse:PasswordText to prevent replay, the wsse:UsernameToken
must be signed to prevent undetected alteration of these fields. If a
wsse:PasswordText is being used to derive a key for a subsequent encryption of
a response, it should be signed to ensure that an attacker does not substitute
an alternative, but valid wsse:Username and wsse:PasswordText. This is
equivalent to the key substitution attack available when an X.509 Token is
used for a similiar purpose.
- Signing Binary Tokens
- The content of a binary token will be
a binary object which is integrity protected by a mechanism specific to the
object type. For example, an X.509 certificate will be signed by the issuing
authority. The outer wrapper of the binary token merely contains type
indication information which does not have to be integrity protected in order
to be able to rely in the claims.
- Signing XML Tokens
- XML tokens should be digitally signed
in a manner described by their profile (or documents referenced by it), or
delivered directly from their issuer over an integrity protected channel.
- Replay of Username Token
- A sender that includes a Nonce child
in a UsernameToken element should anticipate that the receiver may refuse to
process the message due to either an accidental collision or transport layer
delays. Therefore, if it decides to retry transmission, it should do so with a
new Nonce.
- Unless other mechanisms are used to
protect against replay of the username token, service providers should retain
nonces in a store that is shared between all SOAP nodes (and within a
distributed SOAP node all "components") that can be authorized using the same
passwords.
- The policy that allows service
providers to forget nonces may be based on any considerations that the service
considers relevant. When a nonce is forgotten the server should ensure that in
the future it rejects UsernameTokens with a Created time that is earlier than
the forgotten nonce.
- Use of password digests vs cleartext
password
- A sending application utilizing
password authentication must decide whether to use a cleartext password or a
password digest (The sender needs to know via some out-of-band mechanism
and/or prior arrangement which mechanisms the receiver supports). The digest
should always be prefered if it can be used, as the digest algorithm does not
reveal the password and can protect against replay of the password. (It does
not however, protect against offline guessing or brute force attacks.)
- Password digests can only be used in
situations where both sender and receiver can start with the same secret value
(e.g., the cleartext password or a hash of the password). The following are
criteria for considering when to use digests vs. cleartext:
- 1. If the receiver can access the
cleartext password, a digest may be used.
- 2. If the receiver can access a value
that can be derived by the sender directly from the cleartext password (e.g.,
the receiver has access to a SHA1 hash of the password), the derived value
(e.g. the hash) may be used in the digest.
- 3. If the sender needs extra
information to derive the value available to the receiver, it will not be
feasible to use password digest, even though the information is not
intentionally secret. For example, UNIX systems add a salt value to each
password before hashing it. It is infeasible for the sender to discover the
salt value required for a specific username.
- 4. If the receiver does not have
access to any password value, derived or otherwise, but merely the ability to
test a username/password combination for validity, a digest may not be used.
An example of this is when the username/password combination is presented to a
database, directory or mainframe system for verification.
- When sending any form of a password,
cleartext or digest, confidentiality services are strongly recommended to
prevent its value from being revealed or from offline guessing.
- Encryption with signature
- When a message contains a data value
which does not have a significant number of probable variations and that data
is signed and then encrypted, it is recommended that the sender either include
some suitably random value such as a wsse:Nonce in the data, or encrypt the
related ds:DigestValue element in order to protect the confidentiality of the
data.
- An adversary can compute the digest
for each data values and compare them against the digests in the signature
thereby deducing the encrypted data value. This type of attack is most likely
to be successful when there are a relatively small set of probable data
values. Therefore the threat can be mitigated by introduction of some random
value into the original data or encryption of the digest.
Appendix A: Referenced Specifications
The following specifications' requirements are incorporated into the Profile
by reference, except where superseded by the Profile:
Appendix B: Extensibility Points
This section identifies extensibility points, as defined in "Scope of the
Profile," for the Profile's component specifications.
These mechanisms are out of the scope of the Profile; their use may affect
interoperability, and may require private agreement between the parties to a Web
service.
In The TLS
Protocol Version 1.0:
- E0009 - TLS Ciphersuites
- TLS allows for the use of arbitrary encryption algorithms. Note that while
section 10.1 of this Profile mandates, recommends, and discourages support for
certain ciphersuites, this Profile does not prohibit use of any specific
ciphersuite.
- E0010 - TLS Extensions -
TLS allows for extensions during the handshake phase.
In The
SSL Protocol Version 3.0:
- E0011 - SSL Ciphersuites
- SSL allows for the use of arbitrary encryption algorithms. Note that while
section 10.1 of this Profile mandates, recommends, and discourages support for
certain ciphersuites, this Profile does not prohibit use of any specific
ciphersuite.
In Web
Services Security: SOAP Message Security:
- E0002 - Security Tokens -
Security tokens may be specified in additional security token
profiles.
In RFC2459:
Internet X.509 Public Key Infrastructure Certificate and CRL Profile:
- E0012 - Certificate
Authority - The choice of the Certificate Authority is a private
agreement between parties.
- E0013 - Certificate
Extensions - X.509 allows for arbitrary certificate
extensions.
In XML Encryption
Syntax and Processing:
- E0008 - Encryption
Algorithm - Additional encryption algorithms may be
specified.
Appendix C: Acknowledgements
This document is the work of the WS-I Basic Security Profiles Working Group,
whose members have included:
Steve Anderson (OpenNetwork), Paula Austel (IBM), Siddharth Bajaj (Verisign),
Frank Balluffi (Deutsche Bank), Abbie Barbir (Nortel Networks), David Baum
(Kantega AS), Randy Bias (Grand Central Communications), Tim Bond (webMethods,
Inc.), Heidi Buelow (Quovadx), David Burdett (Commerce One, Inc.), Ted Burghart
(Hitachi, Ltd.) Symon Chang (Commerce One, Inc.), Richard Chennault, (Kaiser
Permanente), Dipak Chopra (SAP AG), Jamie Clark (OASIS), Edward Cobb (BEA
Systems, Inc.), David Cohen (Merrill Lynch), Brett Cooper, (Accenture), Ugo
Corda (SeeBeyond Technology), Paul Cotton (Microsoft Corporation), Suresh
Damodaran, (Rosettanet), Mark Davis (Sarvega, Inc.), Alex Deacon (Verisign),
Thomas DeMartini (ContentGuard, Inc.), Blake Dournaee (Sarvega, Inc.), Rob Drew
(Charlse Schwab), Gregory Elkins (Reed Elsevier), Mark Ericson (Mindreef), Jon
Oyvind Eriksen (Kantega AS), Chris Ferris (IBM), Bob Freund, (Hitachi), Edwin
Goei (Sun Microsystems), Grant Goodale (Reactivity, Inc.), Marc Goodner (SAP
AG), Phil Goodwin (Sun Microsystems), Marc Graveline (Cognos, Inc.), Eric
Gravengaard (Reactivity, Inc.), Thomas Gross (IBM), Martin Gudgin (Microsoft
Corporation), Marc Hadley (Sun Microsystems), Mark Hapner (Sun Microsystems),
Nathan Harris (Kaiser Permanente), Bret Hartman (Datapower Technology, Inc.),
Frederick Hirsch (Nokia), Jason Hogg (Microsoft Corporation), Maryann Hondo
(IBM), Lawrence Hsiung (Quovadx), Tony Huber (Commerce Quest), Jim Hughes
(Hewlett-Packard), Michael Hui (Computer Associates), Brian Jackson (Avanade,
Inc.), Steve Jenisch (SAS Institute), Erik Johnson (Epicor), Chris Kaler
(Microsoft Corporation), Anish Karmarkar (Oracle Corporation), Dana Kaufman,
(Forum Systems), Manveen Kaur (Sun Microsystems), Slava Kavsan (RSA Security),
Paul Knight (Nortel Networks), Chris Kurt (Microsoft Corporation), Kelvin
Lawrence (IBM), Hal Lockhart (BEA Systems), Brad Lund (Intel Corporation), Jim
Luth (OPC Foundation), Paul Madsen (Entrust, Inc.), Eve Maler (Sun
Microsystems), Skip Marler (Parasoft), Axl Mattheus (Sun Microsystems), Michael
McIntosh (IBM), Craig Milhiser, (Ascential), Chris Miller (Accenture), Dale
Moberg (Cyclone Commerce), Ron Monzillo (Sun Microsystems), K. Scott Morrison,
(Layer 7) Tim Moses (Entrust, Inc.), Tony Nadalin (IBM), Nataraj Nagaratnam
(IBM), Andrew Nash (RSA Security), Hsin Ning (Bestning Technologies), Eisaku
Nishiyama (Hitachi, Ltd.), Mark Nottingham (BEA Systems, Inc.), TJ Pannu
(ContentGuard, Inc.), Martine Pean (Quovadx), Robert Philpott (RSA Security),
Dave Prout (BT), Joe Pruitt (F5 Networks, Inc.), Eric Rejkovic (Oracle
Corporation), Matt Recupito (Accenture), Jason Rouault (Hewlett-Packard), Rich
Salz (Datapower Technology, Inc.), Matt Sanchez (Webify Solutions, Inc. ), Jerry
Schwarz (Oracle Corporation), Senthil Sengodan (Nokia), Shawn Sharp (Cyclone
Commerce), Aslak Siira (F5 Networks, Inc.), David Solo (Citigroup, Inc. ),
Davanum Srinivas (Computer Associates), Raghavan Srinivas (Sun Microsystems),
John Stanton (Defense Information Systems Agency), Andrew Stone (Accenture),
Julie Surer (MITRE), Wes Swenson (Forum Systems), Dino Vitale (Citigroup, Inc.),
Jonathan Wenocur (Datapower Technology, Inc.), Pete Wenzel (SeeBeyond
Technology), Ian White (Micro Focus)
