Subject: Re: [wss] Re: Decrypting intermediaries






Since I have not seen any objections, I'll update the document as follows:

Parts of a SOAP message may be encrypted in such a way that they can be
decrypted by an intermediary that is targeted by one of the SOAP headers.
Consequently, the exact behavior of intermediaries with respect to
encrypted data is not defined by this specification.

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


From: merlin <merlin@baltimore.ie>
Sent by: merlin@baltimore.ie
Date: 08/18/2003 03:14 PM
To: "Chris Kaler" <ckaler@microsoft.com>
cc: Anthony Nadalin/Austin/IBM@IBMUS, "WS-Security" <wss@lists.oasis-open.org>
Subject: Re: [wss] Re: Decrypting intermediaries




r/ckaler@microsoft.com/2003.08.18/11:55:53
>Here is a re-wording... are people OK with this?
>
>Parts of a SOAP message may be encrypted in such a way that they can be
>decrypted by an intermediary that is targeted by one of the SOAP
>headers.  Consequently, the exact behavior of intermediaries with
>respect to encrypted data is undefined and requires an out-of-band
>agreement.

How about:             ... is not defined by this specification.

merlin

>-----Original Message-----
>From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
>Sent: Monday, August 18, 2003 9:01 AM
>To: 'WS-Security'
>Subject: RE: [wss] Re: Decrypting intermediaries
>
>
>
>
>
>Well, I don't agree with the proposed text, so let's bring it up at next
>call as you clearly state behavior with your "MAY" statement
>
>Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
>
>
>From: Tim Moses <tim.moses@entrust.com>
>Date: 08/14/2003 12:10 PM
>To: Anthony Nadalin/Austin/IBM@IBMUS, "'WS-Security'" <wss@lists.oasis-open.org>
>cc:
>Subject: RE: [wss] Re: Decrypting intermediaries
>
>
>
>
>Tony - We were instructed by the committee to include text on the topic.
>
>The text doesn't actually specify any behaviour.  It merely reminds the
>reader that there is an issue concerning what a decrypting intermediary
>should do with the forwarded message.  All the best.  Tim.
>
>-----Original Message-----
>From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
>Sent: Wednesday, August 13, 2003 11:54 PM
>To: 'WS-Security'
>Subject: [wss] Re: Decrypting intermediaries
>
>
>
>
>
>
>Tim,
>
>I'm not sure the purpose of this text, what are you trying to clarify, as
>I'm not sure we should be defining intermediary behavior here, this seems
>more like something WS-I should be doing.
>
>Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
>
>
>From: Tim Moses <tim.moses@entrust.com>
>Date: 08/13/2003 07:44 AM
>To: Anthony Nadalin/Austin/IBM@IBMUS, "'WS-Security'" <wss@lists.oasis-open.org>
>cc:
>Subject: Decrypting intermediaries
>
>
>
>
>Tony - Hal and I have discussed the question of decrypting intermediaries
>and come up with the following text.
>
>Parts of a SOAP message may be encrypted in such a way that they can be
>decrypted by an intermediary that is targeted by one of the SOAP headers.
>In this case, the intermediary MAY leave the original <xenc:EncryptedData>
>element in the message when forwarding it, or it MAY substitute the
>corresponding plaintext.  This choice SHOULD be determined by out-of-band
>agreement.
>
>This text should go at the end of para 9.3.2 of "WSS:SOAP Message
>Security-15".
>
>All the best.  Tim.
>
>-----------------------------------------------------------------
>Tim Moses
>613.270.3183
>
>
>
>You may leave a Technical Committee at any time by visiting
>http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php

