Editing WS-Security (section)

==Issues==
* If there are frequent message exchanges between service provider and consumer, the overhead of XML SIG and XML ENC are significant. If end-to-end security is required, a protocol like [[WS-SecureConversation]] may reduce the overhead. If it's sufficient, use only encryption ''or'' signing, as the combination of both is significantly slower than the mere sum of the single operations. See [[#Performance|Performance]] below.
* The merging of several XML schemata like SOAP, SAML, XML ENC, XML SIG might cause dependencies on different versions of library functions like canonicalization and parsing, which are difficult to manage in an application server.
* If only [[Padding (cryptography)|CBC mode encryption/decryption]] is applied or if the CBC mode decryption is applied without verifying a secure checksum ([[Digital Signature|signature]] or [[Message authentication code|MAC]]) before decryption then the implementation is likely to be vulnerable to [[padding oracle attack]]s.<ref>{{cite web|last=Sabarnij|first=Sergej|title=Padding Oracle Attacks – breaking theoretical secure cryptosystems in the real world|url=http://www.nds.rub.de/media/nds/attachments/files/2011/08/padding_oracle_1.pdf|publisher=Ruhr Universität Bochum}}</ref>