[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SwA Interoperability Document
Hello Everyone, It's time to start writing the interop document for the SwA profile. I'll be heading this up and want to gather feedback for the scenarios that we would like to have. As of now, I'm proposing the following scenarios: 1. Signed Attachments (a) Sign an opaque binary attachment using "Attachment-Complete" (b) Sign an opaque binary attachment using "Attachment-Content-Only" 2. Encrypted Attachments (a) Encrypt an opaque binary attachment using the "Attachment-Complete" URI on <EncryptedData> and the "ContentOnlyCipherText" transform (b) Encrypt an opaqye binary attachment using the "Attachment-Content- Only" URI on <EncryptedData> and the "ContentOnlyCipherText" transform 3. Signed and Encrypted Attachment (a) Sign, then encrypt an attachment. For the signing operation use "Attachment-Complete", for the encryption operation, choose "Attachment-Complete" as well. *4. Signing a child element within an attachment that happens to be XML. This scenario will involve the use of an XPath transform at a minimum. * What do people think of this scenario? I believe that it goes outside the bounds of the SwA profile, but believe that it is a good exercise for implementations. Unless we make a statement about all XML attachments being opaque, it won't be long before someone may want to do this. Please send me your comments and ideas for this interop; we can talk more on the call tomorrow. Kind Regards, Blake Dournaee Senior Security Architect Sarvega, Inc.