Subject: Re: [ws-sx] Issue PR020: Provide mechanism to specify signing or encryption of SwA (SOAP Messages with Attachments)
Thanks Dale. I have two questions

1. would it be simpler to have sp:SignedParts/sp:Attachment/sp:Exclude with element content being media type?

2. is it worth the complexity to specify exclusions?

regards, Frederick

Frederick Hirsch
Nokia

On Feb 20, 2007, at 11:21 AM, ext Dale Moberg wrote:

> Hi
>
> I agree with Frederick that a requirement to sign and/or encrypt all
> attachments would be the simplest, and also agree that cid information
> is not generally available at policy attachment time.
>
> One additional (potential) requirement given the above approach, would
> be to exempt kinds of attachments from security requirements. For
> example, for the media type "image/jpeg" a policy alternative could
> indicate that attachments of that type can be omitted from a WSS
> signature, as in:
>
> sp:SignedParts/sp:Attachment/sp:ExcludeImageJpeg
>
> Of course, a lot of assertions of this sort would be needed to cover the
> iana registered media types--
>
> http://www.iana.org/assignments/media-types/
>
> -----Original Message-----
> From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
> Sent: Monday, February 19, 2007 7:46 AM
> To: ext Jan Alexander
> Cc: Frederick Hirsch; ws-sx@lists.oasis-open.org; Greg Carpenter
> Subject: Re: [ws-sx] Issue PR020: Provide mechanism to specify signing
> or encryption of SwA (SOAP Messages with Attachments)
>
> Jan
>
> Thank you for reviewing my proposal.
>
> The simplest case is to simply require all attachments to be
> signed/encrypted, presumably sign first if both.
>
> I'm not sure how policy author would be able to state for individual
> attachments since cid's are probably not available at the time policy
> is written. Thus I'm not sure how to state meaningful policy at a
> granularity of individual attachment at policy writing time.
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> On Feb 18, 2007, at 1:37 PM, ext Jan Alexander wrote:
>
>> Hi Frederick,
>>
>> I took an action item on the last TC call to look more into your
>> proposal below.
>>
>> In general, I agree with the proposed solution since message
>> attachments are generally considered as parts of the message.
>> However I wonder what is your proposal for identifying individual
>> attachments? Since WS-SP does not depend on WSDL and is WSDL
>> agnostic it is not clear to me how the attachment parts are
>> distinguished if there is more than one attached to the message so
>> that the individual attachments can be mapped to the respective
>> protection assertion "attachment" elements in the receiver's
>> security policy. Or is your proposal to uniformly protect all the
>> message attachments by using a single "attachment" element?
>>
>> Thanks,
>> --Jan
>>
>> -----Original Message-----
>> From: Greg Carpenter [mailto:gregcarp@microsoft.com]
>> Sent: Monday, February 12, 2007 7:16 AM
>> To: ws-sx@lists.oasis-open.org
>> Cc: Frederick Hirsch
>> Subject: [ws-sx] Issue PR020: Provide mechanism to specify signing
>> or encryption of SwA (SOAP Messages with Attachments)
>>
>> Issue PR020
>>
>> -----Original Message-----
>> From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
>> Sent: Sunday, February 11, 2007 8:09 AM
>> To: WS-SX OASIS
>> Cc: Hirsch Frederick; Carpenter Greg
>> Subject: [ws-sx] NEW Issue: Provide mechanism to specify signing or
>> encryption of SwA (SOAP Messages with Attachments)
>>
>> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
>> THE ISSUE IS ASSIGNED A NUMBER.
>>
>> The issues coordinators will notify the list when that has occurred.
>>
>> Protocol: ws-securitypolicy
>> http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/21401/ws-securitypolicy-1.2-spec-cd-01.pdf
>>
>> Artifact: spec
>>
>> Type: design
>> Title: No means to express need to secure SOAP Messages with
>> Attachments (SwA)
>>
>> Description:
>>
>> The current specification provides no mechanism to express the
>> requirement to secure SOAP Messages with Attachments (SwA).
>>
>> Related issues:
>> None.
>>
>> Proposed Resolution:
>>
>> Add to sp:SignedParts and sp:EncryptedParts sp:SignedParts/Attachment
>> and sp:EncryptedParts/Attachment respectively.
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
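
Added example, not part of the original thread or of the WS-SecurityPolicy specification: a receiver-side check of the "sign all attachments, with exclusions by media type" idea discussed above, using the sp:Exclude-with-media-type form raised in question 1. The namespace URI is a placeholder, the policy and SwA package are constructed, the first MIME part is assumed to be the SOAP root, and `signed_cids` (the Content-IDs covered by the signature) is assumed to be supplied by the caller.

```python
import xml.etree.ElementTree as ET
from email import message_from_string

SP = "urn:example:sp"  # placeholder namespace for this sketch, not the spec's URI
# Constructed policy: sign every attachment except image/jpeg (hypothetical sp:Exclude).
POLICY = f"""<sp:SignedParts xmlns:sp="{SP}">
  <sp:Attachment><sp:Exclude>image/jpeg</sp:Exclude></sp:Attachment>
</sp:SignedParts>"""
# Constructed SwA package: SOAP root part followed by two attachments.
SWA = """Content-Type: multipart/related; boundary="b1"; type="text/xml"

--b1
Content-Type: text/xml
Content-ID: <root@example.invalid>

<Envelope/>
--b1
Content-Type: image/jpeg
Content-ID: <photo@example.invalid>

JPEGDATA
--b1
Content-Type: application/pdf
Content-ID: <invoice@example.invalid>

PDFDATA
--b1--
"""

def excluded_types(policy_xml):
    """Media types exempted from signing; None if there is no Attachment assertion."""
    att = ET.fromstring(policy_xml).find(f"{{{SP}}}Attachment")
    if att is None:
        return None
    return {e.text.strip().lower() for e in att.findall(f"{{{SP}}}Exclude") if e.text}

def unsigned_violations(policy_xml, swa_text, signed_cids):
    """Content-IDs of attachments the policy requires signed but that are not."""
    exempt = excluded_types(policy_xml)
    if exempt is None:
        return []  # policy makes no statement about attachments
    parts = message_from_string(swa_text).get_payload()[1:]  # skip the SOAP root part
    missing = []
    for part in parts:
        cid = (part.get("Content-ID") or "").strip("<>")
        if part.get_content_type() not in exempt and cid not in signed_cids:
            missing.append(cid)
    return missing
```

The policy never names a cid: the Content-IDs only appear at message-processing time, which is the constraint the thread points out for policy authors.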