OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ebxml-msg] Some suggestions regarding default security settings in ebMS 3.0

Sacha Schlegel wrote:

In this discussion, signature and encryption were identified as two key
functions, and the order in which they occur. It was noted that ebMS 3.0
no longer specifies the default configuration as was defined in ebMS

ebMS 2.0 has two defaults:
a) encrypt first, then sign. As a Note in section

Hi Sacha,

The TC found that the ebMS 2.0 default on protection ordering was
actually sign, then encrypt.

The current ebMS 3.0 draft appears to use this as the order default
across any conformance profile.

So the updates proposed for defaults in the Gateway conformance profile
will mainly deal with providing defaults on what an application will
sign and what it will encrypt (when the end users involved do not
otherwise agree on referenced parts, elements, or attachments).

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]