W3C home > Mailing lists > Public > public-ws-addressing@w3.org > February 2006

Encrytping WS-A headers

From: Arun Gupta <Arun.Gupta@Sun.COM>
Date: Thu, 23 Feb 2006 14:16:48 -0800
To: public-ws-addressing@w3.org
Message-id: <43FE3450.20000@sun.com>

Section 7.0 [1] of SOAP Binding says:

-- cut here --
WS-Addressing message addressing properties serialized as SOAP headers 
(wsa:To, wsa:Action et al.) including those headers present as a result 
of the [reference parameters] property should be integrity protected as 
explained in Web Services Addressing 1.0 - Core[WS-Addressing-Core].
-- cut here --

This does not restrict the sender of SOAP message to encrypt WS-A 
headers. If wsa:To is to be usable for routing then WS-A headers (esp 
wsa:To) must not be encrypted otherwise intermediaries wouldnt be able 
to route it.

I think WG should give some advice in the spec to that effect.

[1] 
http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr-soap.html#securityconsiderations

Thanks,
-Arun
-- 
got Web Services ?
Download Java Web Services Developer Pack from
http://java.sun.com/webservices
Received on Thursday, 23 February 2006 22:15:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:35:11 GMT