[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Use of Decryption Transform
Unlike Hal, I think that the scenario described in section 9.4 is relevant: "The ordering semantics of the <wsse:Security> header are sufficient to determine if signatures are over encrypted or unencrypted data. However, when a signature is included in one <wsse:Security> header and the encryption data is in another <wsse:Security> header, the proper processing order may not be apparent. If the producer wishes to sign a message that MAY subsequently be encrypted by an intermediary then the producer MAY use the Decryption Transform for XML Signature to explicitly specify the order of decryption." However, I agree with Hal that we do not want to require that all consumers implement code to untangle dependencies in the event that a producer includes it. I propose that we remove this section and when time permits I will generate a profile submission for use of the Decryption Transform with WSS.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]