W3C home > Mailing lists > Public > www-ws-arch@w3.org > June 2002

RE: SOAP Confidentiality and Integrity: What do we have now?

From: Joseph Hui <Joseph.Hui@exodus.net>
Date: Thu, 20 Jun 2002 12:18:40 -0700
Message-ID: <45258A4365C6B24A9832BFE224837D551D1C64@SJDCEX01.int.exodus.net>
To: "Dournaee, Blake" <bdournaee@rsasecurity.com>, "Krishna Sankar" <ksankar@cisco.com>, <www-ws-arch@w3.org>, <xml-encryption@w3.org>, <www-xkms@w3.org>, <reagle@w3.org>

> From: Dournaee, Blake [mailto:bdournaee@rsasecurity.com]
> Sent: Thursday, June 20, 2002 11:52 AM
> To: Joseph Hui; Krishna Sankar; www-ws-arch@w3.org;
> xml-encryption@w3.org; www-xkms@w3.org; reagle@w3.org
> Subject: SOAP Confidentiality and Integrity: What do we have now?
> 
> 
> Hello All,
> 
> Where exactly do we stand in terms of existing proposals (W3C Notes,
> additional specs, etc) that offer confidentiality and 
> integrity for SOAP
> messages? We have [1], which has been used in practice by 
> some of RSA's
> customers. Is this is only existing piece of work on the subject.

[1] does not satisfy the confidentiality req.  For that you need xenc.
Note that both xenc and xml-dsig are message-based approaches from W3C.
There're also the channel-based approaches that can satisfy the two
said requirements (presumably of your particular interest) coming from
outside of W3C, for instance, the TLS, IPSec from IETF.
 
Joe Hui
Exodus, a Cable & Wireless service

[1] http://www.w3.org/TR/SOAP-dsig/
Received on Thursday, 20 June 2002 15:17:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:00 GMT