[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: [wss] SOAP with Attachments Proposal
Forgot to copy the list...I am forwarding the mail I sent to the SwA profile authors. --ms -----Original Message----- From: Maneesh Sahu Sent: Thursday, June 03, 2004 11:15 AM To: 'Frederick.Hirsch@nokia.com' Cc: 'mikemci@us.ibm.com'; 'jerry.schwarz@oracle.com' Subject: RE: [wss] SOAP with Attachments Proposal Hi Frederick, The WSS SwA profile is very useful. I had some feedback about the document. Page 5- "Securing SOAP with Attachments" paragraph 2 says that "Attachments may be referenced using a CID scheme URL to refer to the attachment that has a Content-ID MIME header value that corresponds to the URL scheme,..." It will be useful to refer to the attachment using the Content-Location MIME header as well. Content-Locations can be referenced using both relative and absolute paths. I am also thinking about the impact of SwA on other profiles like SAML. There are certain scenarios in the WSS SAML profile like holder-of-key where the SOAP body needs to be signed for message integrity. If the request is SwA then the Body along with all the attachments must be signed. Should there be a dsig transform like sign all attachments? This way if an attachment was added to the request after the request was signed, message tampering can be detected. Regards Maneesh Sahu Westbridge Technology -----Original Message----- From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com] Sent: Friday, May 28, 2004 11:01 AM To: wss@lists.oasis-open.org Cc: mikemci@us.ibm.com; jerry.schwarz@oracle.com; Frederick.Hirsch@nokia.com Subject: [wss] SOAP with Attachments Proposal Enclosed is a draft profile for securing SOAP with Attachments (SwA) using WSS SOAP Message Security. I am sending this to close the action item recorded on the 5/18/04 call to submit a proposal, related to issues 285, 268, and 129, taken by Mike McIntosh, Jerry Schwarz and myself. We intend this as a starting point for members of the WSS TC to discuss and improve. Thanks regards, Frederick Frederick Hirsch Nokia <<wss-swa-profile-1.0-draft-03.pdf>>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]