[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ekmi] SOAP 1.2 Profile for SKSML 1.0
I updated samples from the EKMI spec to SOAP v1.2. Only 2 changes needed as far as I can tell. They're decribed in the wiki. EKMI does not heavily use or depend on specific SOAP features and as such should be more or less independent of SOAP version used. Regards, Tomas On 05/24/2010 07:26 PM, Anil Saldhana wrote: > Tomas, > we can discuss the soap 1.2 profile here and make the changes to the > wiki page: http://wiki.oasis-open.org/ekmi/SOAP1_2_Profile > > <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> > > <soap:Header> > <wsse:Security > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > > xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > > xmlns:env="http://www.w3.org/2003/05/soap-envelope" > soap:mustUnderstand="1"> > <wsse:BinarySecurityToken > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" > > wsu:Id="XYZZZ"> > [Your base64 encoded X.509 certificate…] > </wsse:BinarySecurityToken> > <ds:signature> > .... > </ds:signature> > </wsse:Security> > </soap:Header> > <SOAP-ENV:Body > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="SomeUUID"> > <ekmi:KeyCachePolicyRequest > xmlns:ekmi="http://docs.oasis-open.org/ekmi/2008/01"/> > </SOAP-ENV:Body> > </soap:Envelope> > > We will have to describe the SOAP payload line by line as done in > http://docs.oasis-open.org/ekmi/sksml/v1.0/pr01/SKSML-1.0-Specification.html > > > IMO this profile will basically list out the SOAP payload structure with > the ekmi request/response. > > We should definitely mandate the higher levels of assurance with > ws-security 1.0 such as X509. The UsernamePasswordToken profile should > be prohibited. > > Regards, > Anil > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]