Subject: Issue 349 proposed resolution
- From: <Frederick.Hirsch@nokia.com>
- To: <wss@lists.oasis-open.org>
- Date: Fri, 4 Feb 2005 10:26:41 -0500
Proposed resolution for Issue 349 [1], message [2]

1. Line 438 indicates that when an attachment is encrypted, no ReferenceList is required in the wsse:Security header since the EncryptedData element is in the header. The processing rule at line 495 specifically states that no ReferenceList element is to be added to the security header ("Do NOT add...").

Ron proposes that use of a ReferenceList in this case should be an application decision.

Proposed resolution:

Change line 438 from:

"When an attachment is encrypted, no <xenc:ReferenceList> element is placed as a direct child of the <wsse:Security> header, since the <xenc:EncryptedData> element is present in the header, eliminating the need for this reference. Although the SOAP Message Security standard recommends the use of <xenc:ReferenceList>, this is only necessary when the <xenc:EncryptedData> element is not present in the <wsse:Security> header. (As mentioned, when the key is conveyed in an <xenc:EncryptedKey> element, then this element will have a ReferenceList Reference to the <xenc:EncryptedData> element)."

to

"When an attachment is encrypted, an <xenc:ReferenceList> element SHOULD NOT be placed as a direct child of the <wsse:Security> header, since the <xenc:EncryptedData> element is present in the header, eliminating the need for this reference. Although the SOAP Message Security standard recommends the use of <xenc:ReferenceList>, this is only necessary when the <xenc:EncryptedData> element is not present in the <wsse:Security> header. (As mentioned, when the key is conveyed in an <xenc:EncryptedKey> element, then this element will have a ReferenceList Reference to the <xenc:EncryptedData> element)."

and 495-497 from:

8. "Prepend the <xenc:EncryptedData> element to the <wsse:Security> SOAP header block. Do NOT add a <xenc:ReferenceList> element to the SOAP header block (even though recommended by SOAP Message Security)".

to the following:

"Prepend the <xenc:EncryptedData> element to the <wsse:Security> SOAP header block. An application SHOULD NOT add a <xenc:ReferenceList> element to the SOAP header block (even though recommended by SOAP Message Security)."

2. Typo at line 148 - proposed resolution, remove extra "be" as noted

Some of these attachments may [be] have

3. Remove "still" at line 240, proposed resolution

it is possible to sign a MIME part that already contains a signed object created by an application. It may [still] be sensible to sign such an

regards, Frederick
Frederick Hirsch
Nokia
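
Added example, not part of the original message or of the profile text: a receiver-side check that reflects the proposed SHOULD NOT wording by reporting a header-level ReferenceList as a warning instead of rejecting the message, while treating the ReferenceList inside an EncryptedKey as expected. The function name, the finding levels and the sample envelopes are assumptions made for illustration, and every EncryptedData that is a direct child of the Security header is taken to be an encrypted attachment.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def check_security_header(envelope_xml):
    """Return (level, message) findings for each wsse:Security header."""
    findings = []
    root = ET.fromstring(envelope_xml)
    # Ids of every EncryptedData in the envelope, header or body.
    all_ids = {e.get("Id") for e in root.iter("{%s}EncryptedData" % NS["xenc"])}
    for sec in root.findall("s:Header/wsse:Security", NS):
        # A path without "//" matches direct children only.
        in_header = sec.findall("xenc:EncryptedData", NS)
        if in_header and sec.findall("xenc:ReferenceList", NS):
            # SHOULD NOT, not MUST NOT: report it, do not reject the message.
            findings.append(("warning", "ReferenceList is a direct child of "
                             "wsse:Security although EncryptedData is in the header"))
        # The ReferenceList nested in an EncryptedKey is expected; it must resolve.
        refs = sec.findall(
            "xenc:EncryptedKey/xenc:ReferenceList/xenc:DataReference", NS)
        for ref in refs:
            uri = ref.get("URI", "")
            if not uri.startswith("#") or uri[1:] not in all_ids:
                findings.append(("error", "EncryptedKey DataReference %r "
                                 "resolves to no EncryptedData" % uri))
    return findings

def _envelope(security_children):
    # Constructed sample: cipher data and key material are omitted.
    return ('<s:Envelope xmlns:s="%s" xmlns:wsse="%s" xmlns:xenc="%s">'
            '<s:Header><wsse:Security>%s</wsse:Security></s:Header>'
            '<s:Body/></s:Envelope>'
            % (NS["s"], NS["wsse"], NS["xenc"], security_children))

KEY = ('<xenc:EncryptedKey><xenc:ReferenceList>'
       '<xenc:DataReference URI="#att1"/></xenc:ReferenceList></xenc:EncryptedKey>')
DATA = '<xenc:EncryptedData Id="att1"/>'
EXTRA = '<xenc:ReferenceList><xenc:DataReference URI="#att1"/></xenc:ReferenceList>'

PROFILE_STYLE = _envelope(DATA + KEY)             # only the key carries the reference
WITH_HEADER_LIST = _envelope(EXTRA + DATA + KEY)  # application added a ReferenceList

if __name__ == "__main__":
    for name, doc in [("profile", PROFILE_STYLE), ("extra list", WITH_HEADER_LIST)]:
        print(name, check_security_header(doc))
```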