[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ekmi] SKSML Message Integrity and Confidentiality
I think that is a very good idea. Implementing TLS authentication is much simpler than using WS-security for authentication, at least with current java tools. So different profiles there sounds like a good idea to me. Regards, Tomas Anil Saldhana wrote: > Hi all, > during the development of SKSML v1.0, there was a mandatory dependence > on the SOAP/WS-Security layer to provide the integrity and > confidentiality needs. I had made some observations that this can be > updated to include other modes such as mutually authenticated TLS or > just plain xml over a transport in situations requiring lower levels of > trust (say within a protected environment). Anyway, the keys returned > are REQUIRED to be encrypted, irrespective of existence of a SOAP/WSS > layer. > > Since we will be going to public review 02 of the specification to > include WSDL, xsd changes etc, I would like to introduce the concept of > profiles into the specification, requiring a SOAP profile for > compliance. But implementations should be able to provide other forms > (mutual TLS or plain xml over a transport) as add-ons. > > Please share your thoughts? > > Regards, > Anil > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]