[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Re: Decrypting intermediaries
Here is a re-wording... are people OK with this? Parts of a SOAP message may be encrypted in such a way that they can be decrypted by an intermediary that is targeted by one of the SOAP headers. Consequently, the exact behavior of intermediaries with respect to encrypted data is undefined and requires an out-of-band agreement. -----Original Message----- From: Anthony Nadalin [mailto:drsecure@us.ibm.com] Sent: Monday, August 18, 2003 9:01 AM To: 'WS-Security' Subject: RE: [wss] Re: Decrypting intermediaries Well, I don't agree with the proposed text, so lets bring it up at next call as you clearly state behavior with your "MAY" statement Anthony Nadalin | work 512.436.9568 | cell 512.289.4122 |---------+----------------------------> | | Tim Moses | | | <tim.moses@entrus| | | t.com> | | | | | | 08/14/2003 12:10 | | | PM | |---------+----------------------------> >----------------------------------------------------------------------- -----------------------------------------------------------------------| | | | To: Anthony Nadalin/Austin/IBM@IBMUS, "'WS-Security'" <wss@lists.oasis-open.org> | | cc: | | Subject: RE: [wss] Re: Decrypting intermediaries | >----------------------------------------------------------------------- -----------------------------------------------------------------------| Tony - We were instructed by the committee to include text on the topic. The text doesn't actually specify any behaviour. It merely reminds the reader that there is an issue concerning what a decrypting intermediary should do with the forwarded message. All the best. Tim. -----Original Message----- From: Anthony Nadalin [mailto:drsecure@us.ibm.com] Sent: Wednesday, August 13, 2003 11:54 PM To: 'WS-Security' Subject: [wss] Re: Decrypting intermediaries Tim, I'm not sure the purpose of this text, what are you trying to clarify, as I'm not sure we should be defining intermediary behavior here, this seems more like something WS-I should be doing. Anthony Nadalin | work 512.436.9568 | cell 512.289.4122 |---------+----------------------------> | | Tim Moses | | | <tim.moses@entrus| | | t.com> | | | | | | 08/13/2003 07:44 | | | AM | |---------+----------------------------> >----------------------------------------------------------------------- ---- ---------------------------------------------------------------------| | | | To: Anthony Nadalin/Austin/IBM@IBMUS, "'WS-Security'" <wss@lists.oasis-open.org> | | cc: | | Subject: Decrypting intermediaries | >----------------------------------------------------------------------- ---- ---------------------------------------------------------------------| Tony - Hal and I have discussed the question of decrypting intermediaries and come up with the following text. Parts of a SOAP message may be encrypted in such a way that they can be decrypted by an intermediary that is targeted by one of the SOAP headers. In this case, the intermediary MAY leave the original <xenc:EncryptedData> element in the message when forwarding it, or it MAY substitute the corresponding plaintext. This choice SHOULD be determined by out-of-band agreement. This text should go at the end of para 9.3.2 of "WSS:SOAP Message Security-15". All the best. Tim. ----------------------------------------------------------------- Tim Moses 613.270.3183 You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup .php You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup .php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]