Uploaded image for project: 'OASIS ebXML Messaging Services TC'
  1. OASIS ebXML Messaging Services TC
  2. EBXMLMSG-40

Update XML Signature/Encryption reference to version 1.1 to get newer algorithms



    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Component/s: AS4 Profile, Core Spec
    • Labels:


      In ebMS3 it is possible to configure the signature algorithm:

      "PMode[1].Security.X509.Signature.Algorithm: The value of this parameter identifies the algorithm that is used to compute the value of the digital signature. The definitions for these values are found in the [XMLDSIG] or [XMLENC] specifications."

      ebMS3 Core has the following reference to XML Signature:
      [XMLDSIG] Donald Eastlake, et al, eds, XML-Signature Syntax and Processing, 2002. <http://www.w3.org/TR/xmldsig-core/>

      AS4 has the following:
      [XMLDSIG] XML-Signature Syntax and Processing (Second Edition). W3C Recommendation. 10 June 2008. http://www.w3.org/TR/xmldsig-core/

      Both are outdated in various ways. For digest algorithms, they define SHA1 and not SHA2. For signature, they define rsa-sha1 but not rsa-sha256.

      The current version of XML Signature, which is the 1.1 version of April 2013, http://www.w3.org/TR/xmldsig-core1/ Could we update the reference to point to the 1.1 version? I would like to be able to set the digest algorithm to http://www.w3.org/2001/04/xmlenc#sha256 and signature algorithm to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.

      Here is an email exchange between me and Frederick Hirsch on this, with some background information. SHA1 is being phased out rapidly.

      The ebMS3 Core Pmode takes its values directly from the W3C specification, so it easier to update than WS-SecurityPolicy which has its own identifier format.

      There is also a newer version of XML Encryption with newer algorithms.




            • Assignee:
              pvde Pim van der Eijk
            • Watchers:
              0 Start watching this issue


              • Created: