[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SKSML Message Integrity and Confidentiality
Hi all, during the development of SKSML v1.0, there was a mandatory dependence on the SOAP/WS-Security layer to provide the integrity and confidentiality needs. I had made some observations that this can be updated to include other modes such as mutually authenticated TLS or just plain xml over a transport in situations requiring lower levels of trust (say within a protected environment). Anyway, the keys returned are REQUIRED to be encrypted, irrespective of existence of a SOAP/WSS layer. Since we will be going to public review 02 of the specification to include WSDL, xsd changes etc, I would like to introduce the concept of profiles into the specification, requiring a SOAP profile for compliance. But implementations should be able to provide other forms (mutual TLS or plain xml over a transport) as add-ons. Please share your thoughts? Regards, Anil
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]