OASIS Mailing List Archives

wss message


Subject: RE: [wss] encryption of wsse:security headers


Just trying to make sure we are talking about the same thing.  You want
the <wsse:Security> header block, including the element encrypted?

Can you elaborate the use case of encrypting the entire header block as
opposed to encrypting the contents of the header block?

-----Original Message-----
From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM] 
Sent: Tuesday, March 16, 2004 8:33 AM
To: Chris Kaler
Cc: wss@lists.oasis-open.org
Subject: Re: [wss] encryption of wsse:security headers



Chris Kaler wrote:

>Do you mean "header" or element within the security header?
>  
>
I am asking how one uses WSS to encrypt a wsse:security header.
It looks like this would be permitted by the spec.

Ron

> 270 This specification provides a means to protect a message by
> encrypting and/or digitally signing a body, a header, or any
> combination of them (or parts of them).

> 1223 The message creator MUST NOT encrypt the <S11:Envelope>,
> <S12:Envelope>, <S11:Header>, <S12:Header>, or <S11:Body>, <S12:Body>
> elements but MAY encrypt child elements of either the <S11:Header>,
> <S12:Header> and <S11:Body> or <S12:Body> elements. Multiple steps of
> encryption MAY be added into a single <wsse:Security> header block if
> they are targeted for the same recipient. When an element or element
> content inside a SOAP envelope (e.g. the contents of the <S11:Body> or
> <S12:Body> elements) are to be encrypted, it MUST be replaced by an
> <xenc:EncryptedData>, according to XML Encryption and it SHOULD be
> referenced from the <xenc:ReferenceList> element created by this
> encryption step.

>-----Original Message-----
>From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM] 
>Sent: Tuesday, March 09, 2004 5:56 AM
>To: wss@lists.oasis-open.org
>Subject: [wss] encryption of wsse:security headers
>
>If you want to encrypt a security header, can you replace it with just 
>an EncryptedData element,
>or do you need another place to store an EncryptedKey or a
>ReferenceList?
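
The rule quoted in the thread at spec line 1223 can be checked structurally. The following is an added example, not part of the original messages and not code from the WSS TC: a Python checker run over three constructed envelopes, including the encrypted `wsse:Security` header the thread asks about. The function names, sample envelopes and `Id` values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # S11
           "http://www.w3.org/2003/05/soap-envelope")     # S12
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")      # WSS 1.0 namespace

def check_envelope(xml_text):
    """Return (errors, warnings) for the rules quoted at spec line 1223."""
    errors, warnings = [], []
    # Trusted, constructed input only; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    ns = root.tag[1:].partition("}")[0] if root.tag.startswith("{") else ""
    if ns not in SOAP_NS or root.tag != f"{{{ns}}}Envelope":
        return [f"root {root.tag} is not a clear-text SOAP Envelope"], warnings
    # Header and Body MUST stay in the clear; only their children may be replaced.
    for child in root:
        if child.tag not in (f"{{{ns}}}Header", f"{{{ns}}}Body"):
            errors.append(f"Envelope child {child.tag} is not Header or Body")
    if root.find(f"{{{ns}}}Body") is None:
        errors.append("no clear-text Body element")
    # Each EncryptedData SHOULD be referenced from a visible ReferenceList.
    refs = {ref.get("URI") for rl in root.iter(f"{{{XENC}}}ReferenceList")
            for ref in rl.findall(f"{{{XENC}}}DataReference")}
    for ed in root.iter(f"{{{XENC}}}EncryptedData"):
        if f"#{ed.get('Id')}" not in refs:
            warnings.append(f"EncryptedData Id={ed.get('Id')!r} is unreferenced")
    return errors, warnings

def sample(children):
    """Build a constructed SOAP 1.1 envelope around the given child markup."""
    return (f'<S11:Envelope xmlns:S11="{SOAP_NS[0]}" xmlns:xenc="{XENC}" '
            f'xmlns:wsse="{WSSE}">{children}</S11:Envelope>')

# Constructed inputs (cipher data omitted; only the structure matters here).
BODY_ENCRYPTED = sample(
    '<S11:Header><wsse:Security><xenc:ReferenceList>'
    '<xenc:DataReference URI="#body1"/></xenc:ReferenceList></wsse:Security>'
    '</S11:Header><S11:Body><xenc:EncryptedData Id="body1"/></S11:Body>')
SECURITY_HEADER_ENCRYPTED = sample(   # the case asked about in the thread
    '<S11:Header><xenc:EncryptedData Id="sec1"/></S11:Header>'
    '<S11:Body><xenc:EncryptedData Id="body1"/></S11:Body>')
HEADER_ELEMENT_ENCRYPTED = sample(    # EncryptedData in place of S11:Header
    '<xenc:EncryptedData Id="hdr1"/><S11:Body/>')

if __name__ == "__main__":
    for name in ("BODY_ENCRYPTED", "SECURITY_HEADER_ENCRYPTED",
                 "HEADER_ELEMENT_ENCRYPTED"):
        print(name, check_envelope(globals()[name]))
```

In the second sample the MUST NOT rule is satisfied, because the `EncryptedData` is a child of the header element, but no `ReferenceList` remains visible to reference either encrypted element, which is the gap the original question points at.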