[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 206 - Order of processing
Lines 844-846: To add a signature to a <wsse:Security> header block, a <ds:Signature> element conforming to the XML Signature specification SHOULD be prepended to the existing content of the <wsse:Security> header block. Change to: To add a signature to a <wsse:Security> header block, a <ds:Signature> element conforming to the XML Signature specification MUST be prepended to the existing content of the <wsse:Security> header block, in order to indicate to the receiver the correct order of operations. Lines 1166-1169: Parts of a SOAP message may be encrypted in such a way that they can be decrypted by an intermediary that is targeted by one of the SOAP headers. Consequently, the exact behavior of intermediaries with respect to encrypted data is undefined and requires an out-of-band agreement. Change to: It is possible for overlapping portions of the SOAP message to be encrypted in such a way that they are intended to be decrypted by SOAP nodes acting in different Roles. In this case, the ReferenceList or EncryptedKey elements identifying these encryption operations will necessarily appear in different Security headers. Since SOAP does not provide any means of specifying the order in which different Roles will process their respective headers, this order is not specified by this specification and can only be determined by a prior agreement. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]