[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue: attachment encryption clarification
Does the SOAP Message Security Draft 18, July 15, 2003 provide clear enough processing rules for encrypting SOAP attachments? I think the following is implied but not explicitly stated: 1. Encrypt attachment as octet sequence, serializing if necessary, following XML Encryption processing rules. 2. Replace the attachment content with the ciphertext. 3. Create the xenc:EncryptedData element as defined in XML Encryption and place it in the wsse:Security header. This EncryptedData element should have a xenc:CipherReference pointing to the attached cipher text. Perhaps the line 1154-1155 in the merged draft should read: "For an attachment, the contents MUST be replaced by encrypted cipher data and the corresponding EncryptedData element placed in the Security header, with a CipherReference referring to the attached cipher text." (I'm not sure how to interpret "as described in section 9.3 signature validation") regards, Frederick Frederick Hirsch Nokia Mobile Phones
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]