OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Updated: (EBXMLMSG-13) D.3.6. and, external payloads

     [ http://tools.oasis-open.org/issues/browse/EBXMLMSG-13?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pim van der Eijk updated EBXMLMSG-13:

TC Meeting of June 26:

Decided to add a third PMode sub-parameter for signing / encrypting external payloads as a separate configuration parameter in the Core Spec.   Pim will propose some text.  .

> D.3.6. and,  external payloads
> ----------------------------------------
>                 Key: EBXMLMSG-13
>                 URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-13
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Bug
>          Components: Core Spec
>            Reporter: Pim van der Eijk
> According to section,  it is possible to reference payload parts outside the ebMS envelope.  E.g. a static file on Web server or some data in a Cloud storage service.   This is a useful feature as it allows a sender to send a small message that references possibly huge payloads.  The receiver could download those payloads at a time that is convenient for them.  We have had requests for this feature in the past, and it is functionality of some proprietary protocols.  But the feature is underspecified in the core spec.  
> In D.3.6, it is possible to express that parts of the SOAP envelope or attachments are to be signed,  but it is not possible to specify that parts outside the ebMS envelope are to be signed using PMode[1].Security.Sign.   It is useful to be able to sign those payloads,  so non-repudiation covers those payloads as well.  Similarly, a signed receipt could then acknowledge that the receiver has downloaded the referenced parts and validated that the digest of those parts is valid.   (Since the payloads may be large,  such receipts should be sent asynchronously, giving the receiver time to download the parts). 

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]