OASIS Mailing List Archives
wss message



Subject: [wss] SwA Profile draft 15 vote Dec 14


Frederick,

I support the profile being made a committee draft.
In that context, I have the following question:

> 438:When an attachment is encrypted, no <xenc:ReferenceList> element 
> is placed as a direct child of the
> <wsse:Security> header, since the <xenc:EncryptedData> element is 
> present in the header, eliminating
> the need for this reference. Although the SOAP Message Security 
> standard recommends the use of
> <xenc:ReferenceList>, this is only necessary when the 
> <xenc:EncryptedData> element is not present in
> the <wsse:Security> header.


Does the profile effectively prohibit the use of a ReferenceList (in a 
Security header) to reference
an encrypted attachment?

It would seem that a RL would be convenient when multiple things 
(including attachments)
are being signed, perhaps not with an encrypted key.

I noticed the following trivial typo:

> 148: Some of these attachments may be have

(extra word "be")

> a content type corresponding to XML, but do not contain the primary 
> SOAP envelope to be processed.


Similarly trivial, it likely would be better to remove the word "still" 
from the following, as it seems to duplicate
the notion of signing something that was already signed.

> 240: it is possible to sign a MIME part that
> already contains a signed object created by an application. It may 
> still be sensible to sign such an

                                                                                                   
----

Ron



