Attachments Profile

[<Frederick.Hirsch@nokia.com>]

Note that I updated the attachments profile proposal (v4) uploaded to Kavi.

Diffed [1] and non-diffed [2] PDF available. Used open office source for this [3].

Changes:

1) Added MIME part signature transform to provide integrity for all attachments at once, to protect against attachment insertion or deletion threat.

2) Added new Decryption Transform mode for MIME parts - the Decryption Transform is a W3C recommendation  [4] that allows a receiver to determine which encrypted content must first be decrypted before signature verification. This is done by specifying what does not need to be decrypted (ie what encrypted content is covered by the signature).  An additional mode may be suitable for attachments since the SwA proposal uses ciphertext in attachments instead of <xenc:EncryptedData> elements. Defined namespace prefix for this mode.

3) Updated reference for MIME to MIME v3, RFC2633 instead of RFC 2311

4)Defined draft URLs for MIME Part Signature Transforms

5)Editorial cleanup, expand WSS:


Open issues

Is cid scheme adequate, or should Content-Location and corresponding URLS (requiring resolution mechanism) be supported. Initial proposal restricted to Content-ID.

References

[1] http://www.oasis-open.org/apps/org/workgroup/wss/download.php/7236/wss-swa-profile-1.0-draft-04-diff.pdf

[2]http://www.oasis-open.org/apps/org/workgroup/wss/download.php/7236/wss-swa-profile-1.0-draft-04.pdf

[3] http://www.oasis-open.org/apps/org/workgroup/wss/download.php/7236/wss-swa-profile-1.0-draft-04.sxw

[4] http://www.w3.org/TR/xmlenc-decrypt 

regards, Frederick

Frederick Hirsch
Nokia