

Subject: RE: [wss] Comments on WSS-X509 draft 06-05 merged.pdf


Toshi - OK.  This sounds fine.  All recipients of encrypted content (the
single ultimate receiver and zero or more intermediaries) must occupy
distinct roles.  Each role must have a separate security header, which
references their certificate and contains the necessary symmetric key(s)
encrypted using that certificate.

Should we recommend that the symmetric key(s) also be encrypted for the
initial SOAP sender?

All the best.  Tim.

-----Original Message-----
From: NISHIMURA Toshihiro [mailto:nishimura.toshi@jp.fujitsu.com]
Sent: Monday, July 14, 2003 9:09 PM
To: wss@lists.oasis-open.org
Subject: Re: [wss] Comments on WSS-X509 draft 06-05 merged.pdf


Tim,

This is a comment on the first matter.

I understand your requirement is
  "one SOAP message for multiple ultimate SOAP receivers."

It seems to me that the current SOAP spec does not suppose this case.

| SOAP provides a distributed processing model that assumes a SOAP
| message originates at an initial SOAP sender and is sent to an
| ultimate SOAP receiver via zero or more SOAP intermediaries. 
(From section "2. SOAP Processing Model" of SOAP V1.2 W3C Recommendation)


> 1. I am concerned that it will not always be possible to assign each
> recipient to a role that can be agreed between all parties.  In some cases,
> there may be more than one intended recipient, but the sender is not able to
> distinguish between them on the basis of role, only on the basis of
> identity.  So, I prefer that it be "optional" to address each recipient by a
> separate role, and therefore, by a separate header.
---
NISHIMURA Toshihiro (FAMILY Given)
nishimura.toshi@jp.fujitsu.com
XML/Web Services Technology Dept.,
STRATEGY AND TECHNOLOGY DIV., FUJITSU LIMITED
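
The arrangement agreed in this thread (one security header per distinct role, each carrying the symmetric key encrypted for that role's certificate) can be checked mechanically on a message. The following is an added example, not code from the thread or from the WSS specification. It assumes the SOAP 1.2 `role` attribute and the namespace URIs of the published WSS 1.0, XML Encryption and XML Signature specifications, which may differ from the draft under discussion; the role URIs, certificate references and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

S12 = "http://www.w3.org/2003/05/soap-envelope"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")  # assumed: published WSS 1.0
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"s": S12, "wsse": WSSE, "xenc": XENC, "ds": DS}

def security_header(role, cert_ref, with_key=True):
    """Build one constructed wsse:Security header; role=None omits s:role."""
    role_attr = f' s:role="{role}"' if role else ""
    key = (f'<xenc:EncryptedKey><ds:KeyInfo><wsse:SecurityTokenReference>'
           f'<wsse:Reference URI="{cert_ref}"/></wsse:SecurityTokenReference>'
           f'</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>AAAA'
           f'</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>')
    return f"<wsse:Security{role_attr}>{key if with_key else ''}</wsse:Security>"

def envelope(*headers):
    """Wrap the given header strings in a constructed SOAP 1.2 envelope."""
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f"<s:Envelope {decl}><s:Header>{''.join(headers)}</s:Header>"
            f"<s:Body/></s:Envelope>")

def check_security_headers(xml_text):
    """Return a list of problems; empty means one keyed header per distinct role."""
    root = ET.fromstring(xml_text)
    problems, seen = [], set()
    for hdr in root.findall("s:Header/wsse:Security", NS):
        role = hdr.get(f"{{{S12}}}role")  # None targets the ultimate receiver
        label = role or "(ultimate receiver)"
        if role in seen:
            problems.append(f"duplicate Security header for role {label}")
        seen.add(role)
        ref = hdr.find("xenc:EncryptedKey/ds:KeyInfo/wsse:SecurityTokenReference", NS)
        if ref is None:
            problems.append(f"role {label}: no EncryptedKey referencing a certificate")
    return problems

# Constructed messages: a conforming one, and one where two recipients share a role.
GOOD = envelope(security_header("urn:example:intermediary", "#cert-a"),
                security_header(None, "#cert-b"))
BAD = envelope(security_header("urn:example:reader", "#cert-a"),
               security_header("urn:example:reader", "#cert-b", with_key=False))

if __name__ == "__main__":
    print(check_security_headers(GOOD))
    print(check_security_headers(BAD))
```

When checking messages from untrusted senders, parse with a hardened XML parser (for example `defusedxml`) rather than the standard-library parser used here.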
