OASIS Mailing List Archives

legalxml-courtfiling message



Subject: SOAP MTOM 1.0 Section 4.1.1


Jim,

 

The WebServices SIP specification (i.e. ecf-v4.0-webservices-v2.0-spec-cd01.doc) provides the following in section 2.6:

 

The [SOAP MTOM 1.0] reference is:

 

[SOAP MTOM 1.0]   D. Angelov, C. Ferris, A Karmarkar, C Liu, J Marsh, J Mischikinsky, A Nadalin, U Yakmalp, SOAP 1.1 Binding for MTOM 1.0, http://www.w3.org/Submission/soap11mtom10/, W3C Member Submission, April 05, 2006.

 

The hyperlink provides access to

 

 

There does not appear to be a Section 4.1.1 in this document. There is only a Section 4. Security Considerations (below):

 

4. Security Considerations

Because SOAP can carry application defined data whose semantics is independent from that of any MIME wrapper (or context within which the MIME wrapper is used), one should not expect to be able to understand the semantics of the SOAP message based on the semantics of the MIME wrapper alone. Therefore, whenever using the application/xop+xml media type, it is strongly advised that the security implications of the context within which the SOAP message is used is fully understood. The security implications are likely to involve both the specific SOAP binding to an underlying protocol as well as the application-defined semantics of the data carried in the SOAP message.

It is assumed that such mechanisms that protect SOAP messages at the infoset level will seamlessly adapt to provide protection for messages conforming to this document. It is strongly recommended that the messages be secured using those mechanisms.  In order to properly secure messages, the body and all relevant headers need to be included in the signature. It should be noted that for messages traveling through intermediaries, it is possible that some or all of the message information headers may have multiple signatures when the message arrives at the ultimate receiver.  It is strongly recommended that the initial sender include a signature to prevent any spoofing by intermediaries.

 

Jim, is this just a reference numbering error in the ECF WebServices SIP specification (e.g. should reference Section 4 and not 4.1.1) or has an incorrect reference been provided? If it is an incorrect reference, do you know what the intended reference should be?

 

Thanks

 

Gary Graham

 

 

 


