On Mar 23, Jon MacLaren loaded a tape reading:
No, I don't think I've explained it properly. It's a lot simpler that your reply suggests.
I didn't say the agreement is a message, which you stated in your reply. I said that it should be a document. There is nothing to stop me sending a signed document as part of an XML message irrespective of the message-level/transport-level security stuff.
Nothing except for the same WS-A guidelines that we would now be violating in making a particular signature algorithm part of the standard. Which method would you suggest? I don't even know what identification standard we can assume for the agreement parties... PKI? Kerberos? <Username, password>? Which community do we decide is _the_ community for WS-Agreement? I need PKI for Globus Toolkit deployment, but I am sure others need something else. So, if we factor out signature itself as something that must come from a profile of WS-Agreement and security specs, then all we have left is the initiator sending the document once (where it could possibly be signed) and the responder sending it once (where it could possibly be signed). We do not currently have the responder sending the agreement document, since it seemed "redundant" to the people who do not care about this signature dance. I see this as a justifiable reason to put it back in spite of its "redundancy". We could put it in the output of the createAgreement and the input of the acceptAgreement [if we go w/ the proposal I summarized again recently]. Or, we could say that the initiator MAY fetch it anytime after acceptance by fetching an RP containing the document, e.g. AcceptedAgreement, which would be nil until the acceptance decision is made. I don't know how to allow arbitrary signature content to appear within the WS-Agreement messages (where we currently have the agreement doc element). I do, however, think it is trivial to have the sending party sign the _entire_ message and use that rather than trying to embed signature at the application level. However, it seems impossible to mandate that "both" parties have signed the responder-generated document, since we do not have any way of specifying what it means to have signed it. I think that, too, would have to be in a secure-agreement profile. I am not sure it is even strictly necessary, when one can retain the two unilaterally signed messages and present them together to show agreement. karl -- Karl Czajkowski karlcz@univa.com