[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: WS-Security and encryption of individual message parts
I took an action item from the face-to-face to research whether we have a problem with our current MDE operation signatures, in that some of us thought the WS-Security encryption processing model only allowed encryption at the message level (WSDL term). As our MDE definitions currently stand in the WSDL, if true this would have precluded encrypting the payment argument separately from the "core" message (for example.)
Happily, WS-Security allows encryption of any XML element within the SOAP body. So even within an argument structure, you could encypt a single element if you wanted to.
The relevant section of the WS-Security spec (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf) is section 9. The processing model is described in section 9.3.1, starting on line 1232, on page 34. In particular, at line 1243, the spec indicates that "items to be encrypted" are "XML elements, element contents within the target SOAP envelope."
So we're ok.
Thanks.
--Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]