Exactly, Ric. Encryption is
not mandatory. But if a message is to be encrypted, those part(s)
specified must be encrypted. I'll reword to make clearer.
Ric Emery wrote:
20080811210348.328811F4041@mailgw5.z-phx-11.us.sopragroup.com"
type="cite">
7.4 and 7.5 – indicate that a message MUST be
encrypted. I do not think that we want to require encryption of all AS4
messages.
You might want to reword to indicate that an AS4 encrypted message
requires the SOAP Body and any MIME Attachments be encrypted. But,
encryption is not mandatory.
On 8/11/08 1:29 PM, "Timothy Bennett" <timothy@drummondgroup.com>
wrote:
I'd like to make the following
profiling proposals for AS4 for Section 7 of the ebMS v3 Spec. Please
comment and provide feedback.
7.2 Signing Messages
AS4 messages SHALL NOT use Enveloped Signatures. Only Detached
Signatures will be supported for signing user messages and signal
messages.
The entire eb:Messaging Container Element and the SOAP Body MUST be
included in the signature.
7.3 Signing SOAP with Attachments Messages
AS4 messages that are packaged using SOAP with Attachments SHALL NOT
use the Attachment-Complete transform. Only the
Attachment-Content-Only transform will be used.
The entire eb:Messaging Container Element and all MIME body parts MUST
be included in the signature.
7.4 Encrypting Messages
The eb:PartyInfo section SHALL NOT be encrypted.
The SOAP Body MUST be encrypted.
7.5 Encrypting SOAP with Attachments Messages
MIME body parts of included payloads MUST be encrypted.
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
|