

Subject: Transforms for securing attachments


We request that the WSS TC define transforms that may be used for
signing, verifying, encrypting and decrypting SOAP with Attachments
[SwA] attachments using SOAP Message Security.  We propose to reference
these attachments using the Content-ID MIME header and a CID URI as
defined in [RFC 2392].

We request that the WSS TC commit to work on this activity, and to start
work on this immediately, in parallel with its other ongoing work.

Defining such transforms will allow interested parties to sign and/or
encrypt SwA attachments associated with SOAP messages using SOAP Message
Security techniques, providing additional functionality that many OASIS
constituents will find useful.

We propose that the following transforms be specified:

1. MIME Part Signature Transforms
- This transform is used for both signing and verifying MIME
attachments.
- This transform is to be used with a wsse:Security/ds:Signature
ds:Reference that uses a CID URI to reference a SwA MIME part. 
- What is signed is the entire MIME part, including the MIME headers for
that part.
- More than one transform may be desired, perhaps one for including the
MIME headers and another for excluding them.

2. MIME Part Encryption Transform
- This transform is used to generate the plain text data from the MIME
part that will be encrypted.
- More than one transform may be desired, perhaps one for including the
MIME headers and another for excluding them.

3. MIME Part Decryption Transform
- This transform is used to obtain the cipher data from the MIME part
that conveys it. 
- This transform would be referenced within a xenc:CipherReference
ds:Transform used with a CID xenc:CipherReference URI to obtain the
entire MIME part for decryption.

Unique URIs must be defined for each of the above transforms.

The WSS TC appears to be the appropriate venue for defining such
transforms to be associated with SOAP Message Security and this work
would allow SwA attachments to be secured using SOAP Message Security.

We request that the WSS TC add the definition of such transforms to the
WSS TC agenda for the May 18 meeting.

Thank you.

Regards, 

Paula Austel, IBM
Hal Lockhart, BEA
Frederick Hirsch, Nokia
Tony Nadalin, IBM
Paul Cotton, Microsoft 
Michael McIntosh, IBM
Dana Kaufman, Forum Systems
TJ Pannu, ContentGuard
Steve Anderson, OpenNetwork
Jerry Schwarz, Oracle 

[SwA] http://www.w3.org/TR/2000/NOTE-SOAP-attachments-20001211 
[RFC 2392] http://www.ietf.org/rfc/rfc2392.txt 

Paul Cotton, Microsoft Canada 
17 Eleanor Drive, Nepean, Ontario K2E 6A3 
Tel: (613) 225-5445 Fax: (425) 936-7329 
mailto:pcotton@microsoft.com
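
Added example, not part of the original message and not a transform defined by the WSS TC: a Python sketch of resolving a CID URI [RFC 2392] to a SwA MIME part and digesting it with and without its MIME headers, the two variants the proposal mentions. The sample package, the function names, the header normalization and the use of a bare SHA-256 digest are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes
from urllib.parse import unquote

# Constructed SwA-style package: SOAP envelope part plus one attachment.
SAMPLE = (
    b'MIME-Version: 1.0\r\n'
    b'Content-Type: multipart/related; boundary="b1"; type="text/xml"\r\n'
    b'\r\n'
    b'--b1\r\n'
    b'Content-Type: text/xml\r\n'
    b'Content-ID: <envelope@example.org>\r\n'
    b'\r\n'
    b'<Envelope/>\r\n'
    b'--b1\r\n'
    b'Content-Type: text/plain\r\n'
    b'Content-ID: <claim-photo@example.org>\r\n'
    b'\r\n'
    b'attachment body\r\n'
    b'--b1--\r\n'
)

def resolve_cid(package: bytes, cid_uri: str):
    """Return the MIME part whose Content-ID matches a cid: URI (RFC 2392)."""
    if not cid_uri.lower().startswith("cid:"):
        raise ValueError("not a cid: URI")
    wanted = unquote(cid_uri[4:])  # cid: is the URL-escaped Content-ID without <>
    matches = [p for p in message_from_bytes(package).walk()
               if (p.get("Content-ID") or "").strip().strip("<>") == wanted]
    if len(matches) != 1:  # missing or duplicated Content-ID: refuse to guess
        raise LookupError(f"{len(matches)} parts match {cid_uri}")
    return matches[0]

def part_digest(package: bytes, cid_uri: str, include_headers: bool) -> str:
    """SHA-256 over the referenced part, with or without its MIME headers."""
    part = resolve_cid(package, cid_uri)
    data = part.get_payload(decode=True)  # content after transfer decoding
    if include_headers:
        # Assumed normalization: lowercased name, sorted, CRLF-terminated.
        hdrs = sorted(f"{k.lower()}:{v.strip()}\r\n" for k, v in part.items())
        data = "".join(hdrs).encode() + b"\r\n" + data
    return hashlib.sha256(data).hexdigest()
```

With the headers excluded, a change to the attachment's Content-Type leaves the digest unchanged; with the headers included, the same change alters the digest.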

  


