[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SOAP 1.2 Profile for SKSML 1.0
Tomas, we can discuss the soap 1.2 profile here and make the changes to the wiki page: http://wiki.oasis-open.org/ekmi/SOAP1_2_Profile <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:env="http://www.w3.org/2003/05/soap-envelope"; soap:mustUnderstand="1"> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="XYZZZ"> [Your base64 encoded X.509 certificate…] </wsse:BinarySecurityToken> <ds:signature> .... </ds:signature> </wsse:Security> </soap:Header> <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="SomeUUID"> <ekmi:KeyCachePolicyRequest xmlns:ekmi="http://docs.oasis-open.org/ekmi/2008/01"/> </SOAP-ENV:Body> </soap:Envelope> We will have to describe the SOAP payload line by line as done in http://docs.oasis-open.org/ekmi/sksml/v1.0/pr01/SKSML-1.0-Specification.html IMO this profile will basically list out the SOAP payload structure with the ekmi request/response. We should definitely mandate the higher levels of assurance with ws-security 1.0 such as X509. The UsernamePasswordToken profile should be prohibited. Regards, Anil
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]