W3C home > Mailing lists > Public > www-xenc-xmlp-tf@w3.org > December 2001

Re: XMLP Comments to XMLE LC

From: Joseph Reagle <reagle@w3.org>
Date: Fri, 21 Dec 2001 17:02:31 -0500
Message-Id: <200112212202.RAA09480@tux.w3.org>
To: "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
Cc: "David Orchard" <dorchard@bea.com>, www-xenc-xmlp-tf@w3.org, "Satoshi Hada" <SATOSHIH@jp.ibm.com>, "Takeshi Imamura" <IMAMU@jp.ibm.com>, "Maryann Hondo" <mhondo@us.ibm.com>
On Wednesday 19 December 2001 04:32, Hiroshi Maruyama wrote:
> We have been looking at applying XML Encryption to SOAP envelope.  The
> following is an example of SOAP header for XML encryption that we are
> considering.  The point here is that the receiving SOAP application knows
> what <xenc:EncryptedData> elements are to be decrypted.

Ah... So you think it is likely/desirable to create specific SOAP security 
headers for this purpose? What are the semantics of these additional 
headers over that of a message without them but the payload is still an 
EncryptedData? Is it that if one has the SOAP-SEC:Encryption, if the data 
can't be encrypted then SOAP has the capability to respond with an error 
message (e.g., "Data un-decipherables")?

> <SOAP-SEC:Encryption> element is combined with <SOAP-SEC:Signature>, the
> use of the decryption transform solve the interdependency problem.  Also
> our scenario includes encrypting SOAP attachments through a "cid: ..."
> URI. (such as cid:image.jpg).

Could you show that in an example too?

-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Friday, 21 December 2001 17:02:40 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.30 : Friday, 25 March 2005 11:21:54 GMT