Re: [ebxml-msg-as4] Some Security Module Profiling Proposals

[Ric Emery <remery@us.axway.com>]

Title: Re: [ebxml-msg-as4] Some Security Module Profiling Proposals

7.4 and 7.5 – indicate that a message MUST be encrypted. I do not think that we want to require encryption of all AS4 messages. 
You might want to reword to indicate that an AS4 encrypted message requires the SOAP Body and any MIME Attachments be encrypted. But, encryption is not mandatory.


On 8/11/08 1:29 PM, "Timothy Bennett" <timothy@drummondgroup.com> wrote:

> I'd like to make the following profiling proposals for AS4 for Section 7 of the ebMS v3 Spec.  Please comment and provide feedback.
>
>
> 7.2 Signing Messages
>
> AS4 messages SHALL NOT use Enveloped Signatures.  Only Detached Signatures will be supported for signing user messages and signal messages.
>
> The entire eb:Messaging Container Element and the SOAP Body MUST be included in the signature.
>
> 7.3 Signing SOAP with Attachments Messages
>
> AS4 messages that are packaged using SOAP with Attachments SHALL NOT use the Attachment-Complete transform.  Only the Attachment-Content-Only transform will be used.
>
> The entire eb:Messaging Container Element and all MIME body parts MUST be included in the signature.
>
> 7.4 Encrypting Messages
>
> The eb:PartyInfo section SHALL NOT be encrypted.
>
> The SOAP Body MUST be encrypted.
>
> 7.5 Encrypting SOAP with Attachments Messages
>
> MIME body parts of included payloads MUST be encrypted.
>
>
> --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php