- From: Abbie Barbir <abbieb@nortel.com>
- Date: Thu, 23 Feb 2006 21:43:52 -0500
- To: "Michael McIntosh" <mikemci@us.ibm.com>, "Arun Gupta" <Arun.Gupta@Sun.COM>
- Cc: <public-ws-addressing@w3.org>, <public-ws-addressing-request@w3.org>
See inline.. -----Original Message----- From: public-ws-addressing-request@w3.org [mailto:public-ws-addressing-request@w3.org] On Behalf Of Michael McIntosh Sent: Thursday, February 23, 2006 5:27 PM To: Arun Gupta Cc: public-ws-addressing@w3.org; public-ws-addressing-request@w3.org Subject: Re: Encrytping WS-A headers public-ws-addressing-request@w3.org wrote on 02/23/2006 05:16:48 PM: > > Section 7.0 [1] of SOAP Binding says: > > -- cut here -- > WS-Addressing message addressing properties serialized as SOAP headers > (wsa:To, wsa:Action et al.) including those headers present as a > result of the [reference parameters] property should be integrity > protected as explained in Web Services Addressing 1.0 - Core[WS-Addressing-Core]. > -- cut here -- > > This does not restrict the sender of SOAP message to encrypt WS-A > headers. If wsa:To is to be usable for routing then WS-A headers (esp > wsa:To) must not be encrypted otherwise intermediaries wouldnt be able > to route it. It could be that a sender might encrypt the header and allow the routing intermediary to decrypt it, right? ----- Yup, actually this way only Trusted intermediaries will know what to do. Abbie
Received on Friday, 24 February 2006 02:44:05 UTC