OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: FW: [wss] SOAP with Attachments Proposal


Forgot to copy the list...I am forwarding the mail I sent to the SwA
profile authors.

--ms

-----Original Message-----
From: Maneesh Sahu 
Sent: Thursday, June 03, 2004 11:15 AM
To: 'Frederick.Hirsch@nokia.com'
Cc: 'mikemci@us.ibm.com'; 'jerry.schwarz@oracle.com'
Subject: RE: [wss] SOAP with Attachments Proposal

Hi Frederick,

The WSS SwA profile is very useful. 

I had some feedback about the document.

Page 5- "Securing SOAP with Attachments" paragraph 2 says that
"Attachments may be referenced using a CID scheme URL to refer to the
attachment that has a Content-ID MIME header value that corresponds to
the URL scheme,..."

It will be useful to refer to the attachment using the Content-Location
MIME header as well. Content-Locations can be referenced using both
relative and absolute paths. 

I am also thinking about the impact of SwA on other profiles like SAML.
There are certain scenarios in the WSS SAML profile like holder-of-key
where the SOAP body needs to be signed for message integrity. If the
request is SwA then the Body along with all the attachments must be
signed. 

Should there be a dsig transform like sign all attachments? This way if
an attachment was added to the request after the request was signed,
message tampering can be detected.

 
Regards
Maneesh Sahu
Westbridge Technology


-----Original Message-----
From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com] 
Sent: Friday, May 28, 2004 11:01 AM
To: wss@lists.oasis-open.org
Cc: mikemci@us.ibm.com; jerry.schwarz@oracle.com;
Frederick.Hirsch@nokia.com
Subject: [wss] SOAP with Attachments Proposal

Enclosed is a draft profile for securing SOAP with Attachments (SwA)
using WSS SOAP Message Security.

I am sending this to close the action item recorded on the 5/18/04 call
to submit a proposal, related to  issues 285, 268, and 129, taken by
Mike McIntosh, Jerry Schwarz and myself.

We intend this as a starting point for members of the WSS TC to discuss
and improve. 

Thanks

regards, Frederick

Frederick Hirsch
Nokia

 <<wss-swa-profile-1.0-draft-03.pdf>> 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]