From: bugzilla@apache.org
To: security-dev@xml.apache.org
Subject: DO NOT REPLY [Bug 43685] Problem verifying signatures generated by BEA Aqualogic
Date: Fri, 27 Jun 2008 09:06:09 -0700 (PDT)
Message-Id: <20080627160609.7D0DD234C14D@brutus.apache.org>
X-Bugzilla-Product: Security
X-Bugzilla-Component: Signature
X-Bugzilla-Severity: major
X-Bugzilla-Status: NEEDINFO
X-Bugzilla-Priority: P2

https://issues.apache.org/bugzilla/show_bug.cgi?id=43685

--- Comment #16 from René Nielsen 2008-06-27 09:06:08 PST ---
Multiple things can go wrong using InclusiveNamespaces PrefixList="".

1) If the logical representation uses InclusiveNamespaces PrefixList="", but the physical representation (the canonicalized output before signing) completely ignores it in only one end, it poses a problem

2a) If InclusiveNamespaces PrefixList="" means different things in BEA and WSS4J, such as one end interpreting it as the default namespace

2b) If InclusiveNamespaces PrefixList="" means different things in BEA and WSS4J, such as one end interpreting it as part of the physical representation and the other leaving it out, yet preserves it in the logical representation

This problem persists even after upgrading WebLogic Server 9.2 to Maintenance Pack 3, where newline and Document Order is fixed in relation to canonicalization.

BEA Support and WSS4J both ask for more information, and both claim to be WS-I compliant; however, they don't work together.

As I would expect BEA Support to download WSS4J and create a test, I would also expect WSS4J to download WLS 9.2 with MP 3 and create a sample.

I guess that both parties find it just as hard and time-consuming a task as I find it hard and time-consuming to provide the solution for you.

The BEA API doesn't allow one to print the canonicalized output as WSS4J does.

BEA Support just wrote me today and said that signing (the step after canonicalization) often happens while streaming over the network or sometimes in the handleRequest or handleResponse events. If that is true, then output of a BEA client must be exactly what is output from the canonicalization step.

Feel free to contact me by email, if you are interested in the BEA client and the WSS4J server side.

Anyway, thanks for responding, Sean - I'm trying to get BEA Support to help me provide the information you require, since I have to decompile and rewrite and recompile the weblogic.jar in order to get the canonicalized output.