Subject: Issue 377 Proposed resolution (SwA profile, ReferenceList usage)
This email contains a proposed resolution to issue 377 on the SwA profile, regarding ReferenceList usage [1].

Proposal

Change Section 4.5 paragraph 5 from:

"When an attachment is encrypted, an <xenc:ReferenceList> element SHOULD NOT be placed as a direct child of the <wsse:Security> header, since the <xenc:EncryptedData> element is present in the header, eliminating the need for this reference. Although the SOAP Message Security standard recommends the use of <xenc:ReferenceList>, this is only necessary when the <xenc:EncryptedData> element is not present in the <wsse:Security> header. (As mentioned, when the key is conveyed in an <xenc:EncryptedKey> element, then this element will have a ReferenceList Reference to the <xenc:EncryptedData> element)."

To

"When an attachment is encrypted, an <xenc:EncryptedData> element will be placed in the <wsse:Security> header. An <xenc:ReferenceList> element associated with this <xenc:EncryptedData> element may also be added, as recommended by WSS: SOAP Message Security."

And change step 8 in 4.5.2 from:

"Prepend the <xenc:EncryptedData> element to the <wsse:Security> SOAP header block. An application SHOULD NOT add a <xenc:ReferenceList> element to the SOAP header block (even though recommended by SOAP Message Security)."

To

"Prepend the required <xenc:EncryptedData> element to the <wsse:Security> SOAP header block and then prepend the associated optional <xenc:ReferenceList> element."

Rationale:

The raised issue correctly points out that there may be valid reasons for using an <xenc:EncryptedData> element in conjunction with an encrypted attachment. It is also preferable to be consistent with expectations established with WSS:SOAP Message Security Recommendations. This change broadens the ability of implementations to do what is needed, and thus is compatible with implementations compliant with previous versions of the SwA profile.

Comment:

Please send any comment or issues on this resolution to the WSS list in advance of the 3 May meeting.

Thanks

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.oasis-open.org/apps/org/workgroup/wss/download.php/12309/wss-issues-64.html

See 377 and http://lists.oasis-open.org/archives/wss-comment/200503/msg00002.html
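The header ordering in the proposed step 8 can be sketched as follows. This is an added example, not part of the original email or of the SwA profile text. The function names, the Id "EA-1" and the cid: value are constructed, and the <xenc:EncryptedData> element is reduced to an Id and a CipherReference. The receiver-side check only looks for referenced elements inside the <wsse:Security> header, which is the case this email discusses.

```python
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
XENC = "http://www.w3.org/2001/04/xmlenc#"
ET.register_namespace("wsse", WSSE)
ET.register_namespace("xenc", XENC)

def q(ns, tag):
    """Qualified tag name in ElementTree's {namespace}tag form."""
    return "{%s}%s" % (ns, tag)

def add_encrypted_attachment(security, data_id, cid, with_reference_list=True):
    """Proposed step 8: prepend EncryptedData, then the optional ReferenceList."""
    enc = ET.Element(q(XENC, "EncryptedData"), {"Id": data_id})
    cipher = ET.SubElement(enc, q(XENC, "CipherData"))
    ET.SubElement(cipher, q(XENC, "CipherReference"), {"URI": "cid:" + cid})
    security.insert(0, enc)  # required element
    if with_reference_list:
        ref_list = ET.Element(q(XENC, "ReferenceList"))
        ET.SubElement(ref_list, q(XENC, "DataReference"), {"URI": "#" + data_id})
        security.insert(0, ref_list)  # optional, ends up ahead of EncryptedData
    return security

def unresolved_references(security):
    """DataReference URIs in the header that match no EncryptedData Id there."""
    ids = {e.get("Id") for e in security.findall(q(XENC, "EncryptedData"))}
    missing = []
    for ref_list in security.findall(q(XENC, "ReferenceList")):
        for ref in ref_list.findall(q(XENC, "DataReference")):
            uri = ref.get("URI", "")
            if not uri.startswith("#") or uri[1:] not in ids:
                missing.append(uri)
    return missing

def child_order(security):
    """Local names of the header's direct children, in document order."""
    return [child.tag.split("}")[1] for child in security]

if __name__ == "__main__":
    header = ET.Element(q(WSSE, "Security"))
    add_encrypted_attachment(header, "EA-1", "attachment-1")  # constructed values
    print(ET.tostring(header, encoding="unicode"))
    print(child_order(header), unresolved_references(header))
```

A receiver that accepts both forms handles the header with or without the ReferenceList, and treats a non-empty result from unresolved_references as a malformed message.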