OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] SOAP with Attachments Proposal

Jerry,

What originally prompted my question was in lines 220/221 of SwA profile
there is a mention of "possibly other out of band information, according
to the XML Encryption Standard" and I started searching the profile for
how to specify which key was used to sign/encrypt the attachment. So my
guess is that even the "Processing Rules" section needs to be updated to
reflect this possible interplay with elements in X509 profile.

Thanks,
dims

-----Original Message-----
From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com] 
Sent: Friday, June 04, 2004 2:52 PM
To: Srinivas, Davanum M; Frederick.Hirsch@nokia.com;
wss@lists.oasis-open.org
Cc: mikemci@us.ibm.com
Subject: RE: [wss] SOAP with Attachments Proposal


The simple answer is yes.

But your question does bring up a structural issue.

The intention is that this profile says how you use various elements to
refer to attachments. It is not intended to constrain how other elements
are used to specify key's, algorithms etc.  There probably needs to be
some introductory material to make that clear. As far as I can tell the
X509 Token Profile does not say anything about the elements that are
being specified in the SwA profile, but I may have overlooked something.


At 10:55 AM 6/4/2004, Srinivas, Davanum M wrote:
>Fredrick,
>
>(Dumb?) Question: Can we still use wsse:BinarySecurityToken and 
>wsse:KeyIdentifier (sections 3.3.1 and 3.3.2 in X509 Token Profile) 
>with ds:KeyInfo/wsse:SecurityTokenReference to point to the certs? For 
>example to be able to have one wsse:BinarySecurityToken that's used to 
>sign/encrypt parts of the soap message and some of the attachments.
>
>Thanks,
>dims
>
>-----Original Message-----
>From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
>Sent: Friday, May 28, 2004 2:01 PM
>To: wss@lists.oasis-open.org
>Cc: mikemci@us.ibm.com; jerry.schwarz@oracle.com; 
>Frederick.Hirsch@nokia.com
>Subject: [wss] SOAP with Attachments Proposal
>
>Enclosed is a draft profile for securing SOAP with Attachments (SwA) 
>using WSS SOAP Message Security.
>
>I am sending this to close the action item recorded on the 5/18/04 call

>to submit a proposal, related to  issues 285, 268, and 129, taken by 
>Mike McIntosh, Jerry Schwarz and myself.
>
>We intend this as a starting point for members of the WSS TC to discuss

>and improve.
>
>Thanks
>
>regards, Frederick
>
>Frederick Hirsch
>Nokia
>
>  <<wss-swa-profile-1.0-draft-03.pdf>>
>
>
>To unsubscribe from this mailing list (and be removed from the roster 
>of the OASIS TC), go to 
>http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgrou
p.php.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]