[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Additional SwA Interop Issues
Paul
Section 4.5.2 item #4 reads as follows in the latest
draft (draft 14) of the SwA profile:
"Set the <xenc:EncryptedData>
MimeType attribute to match the attachment MIME part Content-Type header before
encryption when Content-Only URI is specified for the Type attribute value. The
MimeType attribute value may also be set when the AttachmentComplete Type
attribute value is specified."
When content-only encryption is used the original
mime-type header will be replaced by the mime-type for the cipherdata, so the
original MIME Type needs to be preserved. When the headers are included in the
encrypted data then this is not required and I re-worded this item to make this
clear.
I believe issue #2 should be closed. Do you
agree?
regards,
Frederick
Frederick Hirsch Nokia From: ext Paul Cotton [mailto:pcotton@microsoft.com] Sent: Wednesday, November 17, 2004 9:10 AM To: Blake Dournaee; Hirsch Frederick (Nokia-TP/Boston) Cc: wss@lists.oasis-open.org Subject: RE: [wss] Additional SwA Interop Issues Blake: Thanks for the feedback.
Frederick: Can you point us to the changes you made in the current OASIS SwA document so that we can easily flatten issue#2 at the next TC meeting?
/paulc
Paul Cotton, Microsoft Canada From: Blake
Dournaee [mailto:blake@sarvega.com]
Paul –
I believe that Frederick has already added text to the latest draft of SwA Profile for issue #1
For issue #2, this was a typo in the examples used in the SwA Profile Interoperability Scenarios. The Id for <EncryptedData> should not have had a wsu: prefix. I don’t believe we need clarifying text unless others disagree with me.
Thanks,
Blake
From: Paul
Cotton [mailto:pcotton@microsoft.com]
> 1. The Specification of MimeType attribute is optional when content as well as headers of the attachment are being encrypted. The phrasing in the current draft of SwA Profile makes it seem that MimeType is required for either transforms (Section 4.4.2, Step 4)
Can you propose exact replacement text that is acceptable to the Interop participants to fix this issue?
>2. The Id Attribute for <EncrryptedData> should not have a namespace qualifier (e.g. “wsu”) because it falls under the XML Encryption spec and not WS-Security
Does this mistake occur in any examples in the specification or was just an error in one of the implementations? If the latter I wonder what if anything we need to do in the spec? Again is there specific additional text that you would propose?
/paulc Paul Cotton, Microsoft Canada From: Blake
Dournaee [mailto:blake@sarvega.com]
All,
Here are two more minor issues that we encountered during the first interoperability event:
Thanks,
Blake Dournaee Senior Security Architect Sarvega, Inc. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]