OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Issue: attachment encryption clarification

Does the SOAP Message Security Draft 18, July 15, 2003 provide clear enough processing rules for encrypting SOAP attachments? I think the following is implied but not explicitly stated:

1. Encrypt attachment as octet sequence, serializing if necessary, following XML Encryption processing rules.
2. Replace the attachment content with the ciphertext.
3. Create the xenc:EncryptedData element as defined in XML Encryption and place it in the wsse:Security header. This EncryptedData element should have a xenc:CipherReference pointing to the attached cipher text.

Perhaps the line 1154-1155 in the merged draft should read:

"For an attachment, the contents MUST be replaced by encrypted cipher data and the corresponding EncryptedData element placed in the Security header, with a CipherReference referring to the attached cipher text."

(I'm not sure how to interpret "as described in section 9.3 signature validation")

regards, Frederick
Frederick Hirsch
Nokia Mobile Phones

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]