RE: [wss] SOAP with Attachments Proposal

[Jerry Schwarz <jerry.schwarz@oracle.com>]

The simple answer is yes.

But your question does bring up a structural issue.

The intention is that this profile says how you use various elements to 
refer to attachments. It is not intended to constrain how other elements 
are used to specify key's, algorithms etc.  There probably needs to be some 
introductory material to make that clear. As far as I can tell the X509 
Token Profile does not say anything about the elements that are being 
specified in the SwA profile, but I may have overlooked something.


At 10:55 AM 6/4/2004, Srinivas, Davanum M wrote:
>Fredrick,
>
>(Dumb?) Question: Can we still use wsse:BinarySecurityToken and
>wsse:KeyIdentifier (sections 3.3.1 and 3.3.2 in X509 Token Profile) with
>ds:KeyInfo/wsse:SecurityTokenReference to point to the certs? For
>example to be able to have one wsse:BinarySecurityToken that's used to
>sign/encrypt parts of the soap message and some of the attachments.
>
>Thanks,
>dims
>
>-----Original Message-----
>From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
>Sent: Friday, May 28, 2004 2:01 PM
>To: wss@lists.oasis-open.org
>Cc: mikemci@us.ibm.com; jerry.schwarz@oracle.com;
>Frederick.Hirsch@nokia.com
>Subject: [wss] SOAP with Attachments Proposal
>
>Enclosed is a draft profile for securing SOAP with Attachments (SwA)
>using WSS SOAP Message Security.
>
>I am sending this to close the action item recorded on the 5/18/04 call
>to submit a proposal, related to  issues 285, 268, and 129, taken by
>Mike McIntosh, Jerry Schwarz and myself.
>
>We intend this as a starting point for members of the WSS TC to discuss
>and improve.
>
>Thanks
>
>regards, Frederick
>
>Frederick Hirsch
>Nokia
>
>  <<wss-swa-profile-1.0-draft-03.pdf>>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of 
>the OASIS TC), go to 
>http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php.