Subject: RE: [wss] SOAP with Attachments Proposal
dims

The "out of band" simply meant that key information could be conveyed out of band for the receiver to know how to decrypt, e.g. the <xenc:EncryptedData> element contains no <ds:KeyInfo> element or no security token related to the key is conveyed.

The general processing rules for decrypting are in the SOAP Message Security standard, with the statement that if a key is conveyed with a security token, then the <ds:KeyInfo> element should use a <wsse:SecurityTokenReference> to the token.

I'm not sure we need to spell this out in this SwA profile, but could.

Am I missing more aspects of your comment? (Are you also asking can a certificate be conveyed in an attachment?)

regards, Frederick

Frederick Hirsch
Nokia

> -----Original Message-----
> From: ext Srinivas, Davanum M [mailto:Davanum.Srinivas@ca.com]
> Sent: Friday, June 04, 2004 2:56 PM
> To: Jerry Schwarz; Hirsch Frederick (Nokia-TP/Boston); wss@lists.oasis-open.org
> Cc: mikemci@us.ibm.com
> Subject: RE: [wss] SOAP with Attachments Proposal
>
> Jerry,
>
> What originally prompted my question was in lines 220/221 of SwA profile
> there is a mention of "possibly other out of band information, according
> to the XML Encryption Standard" and I started searching the profile for
> how to specify which key was used to sign/encrypt the attachment. So my
> guess is that even the "Processing Rules" section needs to be updated to
> reflect this possible interplay with elements in X509 profile.
>
> Thanks,
> dims
>
> -----Original Message-----
> From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com]
> Sent: Friday, June 04, 2004 2:52 PM
> To: Srinivas, Davanum M; Frederick.Hirsch@nokia.com; wss@lists.oasis-open.org
> Cc: mikemci@us.ibm.com
> Subject: RE: [wss] SOAP with Attachments Proposal
>
> The simple answer is yes.
>
> But your question does bring up a structural issue.
>
> The intention is that this profile says how you use various elements to
> refer to attachments. It is not intended to constrain how other elements
> are used to specify keys, algorithms etc. There probably needs to be
> some introductory material to make that clear. As far as I can tell the
> X509 Token Profile does not say anything about the elements that are
> being specified in the SwA profile, but I may have overlooked something.
>
> At 10:55 AM 6/4/2004, Srinivas, Davanum M wrote:
> >Frederick,
> >
> >(Dumb?) Question: Can we still use wsse:BinarySecurityToken and
> >wsse:KeyIdentifier (sections 3.3.1 and 3.3.2 in X509 Token Profile)
> >with ds:KeyInfo/wsse:SecurityTokenReference to point to the certs? For
> >example to be able to have one wsse:BinarySecurityToken that's used to
> >sign/encrypt parts of the soap message and some of the attachments.
> >
> >Thanks,
> >dims
> >
> >-----Original Message-----
> >From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
> >Sent: Friday, May 28, 2004 2:01 PM
> >To: wss@lists.oasis-open.org
> >Cc: mikemci@us.ibm.com; jerry.schwarz@oracle.com;
> >Frederick.Hirsch@nokia.com
> >Subject: [wss] SOAP with Attachments Proposal
> >
> >Enclosed is a draft profile for securing SOAP with Attachments (SwA)
> >using WSS SOAP Message Security.
> >
> >I am sending this to close the action item recorded on the 5/18/04 call
> >to submit a proposal, related to issues 285, 268, and 129, taken by
> >Mike McIntosh, Jerry Schwarz and myself.
> >
> >We intend this as a starting point for members of the WSS TC to discuss
> >and improve.
> >
> >Thanks
> >
> >regards, Frederick
> >
> >Frederick Hirsch
> >Nokia
> >
> > <<wss-swa-profile-1.0-draft-03.pdf>>
> >
> >To unsubscribe from this mailing list (and be removed from the roster
> >of the OASIS TC), go to
> >http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php.
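The two cases discussed in this thread, as an added Python example that is not part of the original messages or the draft profile: for each xenc:EncryptedData it reports whether the key is identified by a wsse:SecurityTokenReference to a conveyed wsse:BinarySecurityToken (one token shared by a body part and an attachment) or left to out-of-band agreement because no ds:KeyInfo is present. The function name key_sources, the Ids, the cid: values and the token content are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
STR = ('<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#%s"/>'
       '</wsse:SecurityTokenReference></ds:KeyInfo>')

# Constructed sample (not from the draft profile): a simplified Security header fragment.
SAMPLE = f"""<wsse:Security xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}"
    xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}">
  <wsse:BinarySecurityToken wsu:Id="X509Token">Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
  <xenc:EncryptedData Id="enc-body">{STR % 'X509Token'}
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="enc-attachment">{STR % 'X509Token'}
    <xenc:CipherData><xenc:CipherReference URI="cid:att-1"/></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="enc-oob">
    <xenc:CipherData><xenc:CipherReference URI="cid:att-2"/></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="enc-dangling">{STR % 'Missing'}
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</wsse:Security>"""

def key_sources(xml_text):
    """Map each xenc:EncryptedData Id to how the receiver is told which key applies."""
    root = ET.fromstring(xml_text)
    tokens = {t.get(WSU_ID) for t in root.iterfind(".//wsse:BinarySecurityToken", NS)}
    out = {}
    for enc in root.iterfind(".//xenc:EncryptedData", NS):
        key_info = enc.find("ds:KeyInfo", NS)
        ref = None if key_info is None else key_info.find(
            "wsse:SecurityTokenReference/wsse:Reference", NS)
        uri = "" if ref is None else ref.get("URI", "")
        if key_info is None:
            out[enc.get("Id")] = ("out-of-band", None)    # no ds:KeyInfo at all
        elif ref is None:
            out[enc.get("Id")] = ("other-keyinfo", None)  # e.g. wsse:KeyIdentifier
        elif uri.startswith("#") and uri[1:] in tokens:
            out[enc.get("Id")] = ("token", uri[1:])       # resolves to a conveyed token
        else:
            out[enc.get("Id")] = ("unresolved", uri)      # reference with no matching token
    return out
```

A receiver-side policy check can use the result to require that every "out-of-band" entry matches a key agreed in advance and to reject messages with "unresolved" references.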