OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ekmi message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ekmi] SOAP 1.2 Profile for SKSML 1.0


I updated samples from the EKMI spec to SOAP v1.2. Only 2 changes needed 
as far as I can tell. They're decribed in the wiki. EKMI does not 
heavily use or depend on specific SOAP features and as such should be 
more or less independent of SOAP version used.

Regards,
Tomas

On 05/24/2010 07:26 PM, Anil Saldhana wrote:
> Tomas,
> we can discuss the soap 1.2 profile here and make the changes to the
> wiki page: http://wiki.oasis-open.org/ekmi/SOAP1_2_Profile
>
> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope";
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
>
> <soap:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>
> xmlns:env="http://www.w3.org/2003/05/soap-envelope";
> soap:mustUnderstand="1">
> <wsse:BinarySecurityToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
>
> wsu:Id="XYZZZ">
> [Your base64 encoded X.509 certificate…]
> </wsse:BinarySecurityToken>
> <ds:signature>
> ....
> </ds:signature>
> </wsse:Security>
> </soap:Header>
> <SOAP-ENV:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> wsu:Id="SomeUUID">
> <ekmi:KeyCachePolicyRequest
> xmlns:ekmi="http://docs.oasis-open.org/ekmi/2008/01"/>
> </SOAP-ENV:Body>
> </soap:Envelope>
>
> We will have to describe the SOAP payload line by line as done in
> http://docs.oasis-open.org/ekmi/sksml/v1.0/pr01/SKSML-1.0-Specification.html
>
>
> IMO this profile will basically list out the SOAP payload structure with
> the ekmi request/response.
>
> We should definitely mandate the higher levels of assurance with
> ws-security 1.0 such as X509. The UsernamePasswordToken profile should
> be prohibited.
>
> Regards,
> Anil
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]