Re: secure a WS called via GPRS

From: "Trapulo" <trapulo@xxxxxxxxxxxxxxx>
Date: Sat, 19 Aug 2006 10:52:56 +0200

Hello Steven,
yes, I made some tests and I decided to implement a "custom signature based"
solution. In detail, now I pass to my webservice three parameters: who I am
(client's ID, I require to validate signature), the xml command (I decided
to use a custom command-response protocol based on XML messages, so later
I'll can also use something different from webservices without change any
logic), and the RSA signature. I'm leaving data without any cryptography,
because this is not a problem now. If I'll require it later, I think that
I'll encrypt XML payload, or use SSL. The only improvement I may work on is
the way I pass the XML: now I'm using a String parameter, but I've seen your
other post about this, so I need to change it to XmlDocumentm and then I
need a way to compress all (I've seen you have posted some other links about
this, I'll read them asap).

I think this will work, however if you have any further suggestions I'll get
them with glad :)

Thank you

"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:i%23j9KmSwGHA.5976@xxxxxxxxxxxxxxxxxxxxxxxx

Hi Trapulo,

How is everything going on? Have you decided which approach to use? If
there is any other information you wonder, please feel free to let me
know.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no
rights.

Follow-Ups:
- Re: secure a WS called via GPRS
  - From: Steven Cheng[MSFT]

References:
- secure a WS called via GPRS
  - From: Trapulo
- RE: secure a WS called via GPRS
  - From: Steven Cheng[MSFT]
- Re: secure a WS called via GPRS
  - From: Trapulo
- Re: secure a WS called via GPRS
  - From: Steven Cheng[MSFT]
- Re: secure a WS called via GPRS
  - From: Steven Cheng[MSFT]

Prev by Date: wsdl does not create wse3.0 version of service
Next by Date: Re: WSE 2.0 SP3, Serialization attribute
Previous by thread: Re: secure a WS called via GPRS
Next by thread: Re: secure a WS called via GPRS
Index(es):
- Date
- Thread

Relevant Pages

Re: string "changing" length
... logic on how you pass the string into webservice message and where did you ... I read an xml file from disk with this code: ... the xml code is loaded to a webservice as a string parameter. ... The signature is passed to the webservice as an other byteparameter. ...
(microsoft.public.dotnet.framework.webservices)
Re: How to verify CA for a X.509 certificate
... There has been a lot of work done around X509 for the 2.0 release of the framework. ... Both XML Encryption and XML Digital Signatures have ... >>> The article DOES check if the public key is in the store, ... >>> to use it to explicitly verify the signature on the cert. ...
(microsoft.public.dotnet.security)
Re: Digitally signing XML files
... PrivateKey privateKey, boolean debug) throws WSSecurityException ... //Add SecurityHelper.class header to the SOAP message if it does ... Append the signature element to proper location before signing ... // SOAP XML document, the SOAP body is referenced as a URI ...
(comp.lang.java.programmer)
XmlDSig trouble
... I'll start with a xml snippet of a signature: ... a customer wants to sign xml that is to be validated ... The problem is related to the first reference in the SignedInfo with ... Transform it with Enveloped Signature ...
(microsoft.public.dotnet.security)
Re: Digitally signing XML files
... There is, W3C has a specification for XML Signatures, see ... You put in a new element called Signature. ... Crypto algorithms typically require their input to be bytes, ... These are easiest to answer with a single word: canonicalization. ...
(comp.lang.java.programmer)