Subject: RE: [wss] encryption of wsse:security headers

Just trying to make sure we are talking about the same thing.  You want
the <wsse:Security> header block, including the element encrypted?

Can you elaborate the use case of encrypting the entire header block as
opposed to encrypting the contents of the header block?

-----Original Message-----
From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM] 
Sent: Tuesday, March 16, 2004 8:33 AM
To: Chris Kaler
Cc: wss@lists.oasis-open.org
Subject: Re: [wss] encryption of wsse:security headers

Chris Kaler wrote:

>Do you mean "header" or element within the security header?
I am asking how one uses WSS to encrypt a wsse:security header.
It looks like this would be permitted by the spec.


> 270 This specification provides a means to protect a message by encrypting
> and/or digitally signing a body, a header, or any combination of them
> parts of them).

> 1223 The message creator MUST NOT encrypt the <S11:Envelope>,
> <S12:Envelope>, <S11:Header>, <S12:Header>, or <S11:Body>, <S12:Body>
> elements but MAY encrypt child elements of either the <S11:Header>,
> <S12:Header> and <S11:Body> or <S12:Body> elements. Multiple steps of
> encryption MAY be added into a single <wsse:Security> header block if they
> are targeted for the same recipient. When an element or element content
> inside a SOAP envelope (e.g. the contents of the <S11:Body> or <S12:Body>
> elements) are to be encrypted, it MUST be replaced by an
> <xenc:EncryptedData>, according to XML Encryption and it SHOULD be
> referenced from the <xenc:ReferenceList> element created by this
> encryption step.

>-----Original Message-----
>From: Ron Monzillo [mailto:Ronald.Monzillo@Sun.COM] 
>Sent: Tuesday, March 09, 2004 5:56 AM
>To: wss@lists.oasis-open.org
>Subject: [wss] encryption of wsse:security headers
>If you want to encrypt a security header, can you replace it with just 
>an EncryptedData element,
>or do you need another place to store an EncryptedKey or a
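A receiver-side check for the rules in the spec text quoted in this thread (line 1223), as an added example that is not part of the thread or of the specification. The function name `check_envelope`, the sample messages, the wsse namespace URI, and the use of `xenc:DataReference` entries as the reference mechanism are assumptions of the example; the second sample is the case asked about, where the security header itself is replaced by an `EncryptedData` element.

```python
import xml.etree.ElementTree as ET

S11 = "http://schemas.xmlsoap.org/soap/envelope/"
S12 = "http://www.w3.org/2003/05/soap-envelope"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# Assumption: namespace URI of the published WSS 1.0 secext schema.
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def check_envelope(xml_text):
    """Return (errors, warnings) for the MUST NOT / SHOULD rules quoted above."""
    errors, warnings = [], []
    root = ET.fromstring(xml_text)
    soap = next((ns for ns in (S11, S12) if root.tag == f"{{{ns}}}Envelope"), None)
    if soap is None:
        return [f"root is {root.tag}, not a SOAP Envelope"], warnings
    # Header and Body must stay in the clear: an EncryptedData sitting
    # directly under Envelope means one of them was replaced.
    for child in root:
        if child.tag == f"{{{XENC}}}EncryptedData":
            errors.append("EncryptedData replaces Header or Body")
    if root.find(f"{{{soap}}}Body") is None:
        errors.append("no cleartext Body element")
    # Collect every Id referenced from a still-visible wsse:Security header.
    referenced = set()
    for sec in root.iter(f"{{{WSSE}}}Security"):
        for ref in sec.iter(f"{{{XENC}}}DataReference"):
            referenced.add(ref.get("URI", "").lstrip("#"))
    # SHOULD: each EncryptedData is referenced from a ReferenceList.
    for enc in root.iter(f"{{{XENC}}}EncryptedData"):
        if enc.get("Id") not in referenced:
            warnings.append(f"EncryptedData Id={enc.get('Id')!r} not referenced")
    return errors, warnings

NS = f'xmlns:S="{S11}" xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}"'
# Constructed samples (CipherData omitted for brevity).
BODY_ENCRYPTED = f"""<S:Envelope {NS}><S:Header><wsse:Security><xenc:ReferenceList>
  <xenc:DataReference URI="#body1"/></xenc:ReferenceList></wsse:Security></S:Header>
  <S:Body><xenc:EncryptedData Id="body1"/></S:Body></S:Envelope>"""
SECURITY_HEADER_ENCRYPTED = f"""<S:Envelope {NS}><S:Header>
  <xenc:EncryptedData Id="sec1"/></S:Header><S:Body><m/></S:Body></S:Envelope>"""
BODY_ELEMENT_ENCRYPTED = f"""<S:Envelope {NS}><S:Header/>
  <xenc:EncryptedData Id="b"/></S:Envelope>"""

if __name__ == "__main__":
    for name in ("BODY_ENCRYPTED", "SECURITY_HEADER_ENCRYPTED", "BODY_ELEMENT_ENCRYPTED"):
        print(name, check_envelope(globals()[name]))
```

The second sample passes the MUST NOT rule but draws a warning: with the security header replaced, no visible `ReferenceList` is left to point at the `EncryptedData`.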