- From: Joseph Reagle <reagle@w3.org>
- Date: Tue, 19 Feb 2002 13:43:20 -0500
- To: noah_mendelsohn@us.ibm.com, david.orchard@bea.com
- Cc: "'www-xenc-xmlp-tf'" <www-xenc-xmlp-tf@w3.org>, "'xml-dist-app'" <xml-dist-app@w3.org>, "'xml-encryption'" <xml-encryption@w3.org>
Exactly. Applications which use to use XML Encryption or otherwise expect to have elements from other namespaces need to be savvy about what they want to do (e.g., encrypt the content of a SOAP:Header) and how they want to do it (e.g., write a flexible, create a new namespace ,etc.) Applications that haven't done this might have to take some other steps which won't as easy and straightforward but it's their call. There's no solution that automatically makes all pre-existing XML applications XML encryption aware or capable in every possible scenario -- like encryption the SOAP header itself. On Monday 18 February 2002 20:21, noah_mendelsohn@us.ibm.com wrote: > which is indeed not valid SOAP, suggesting the need for a new media type. > But... that's not how you would use SOAP IMO. I suggest instead: > > <SOAP:Envelope xmlns:soap="..." > > <SOAP:Header> > <xenc:EncryptedData xmlns:xenc="..." > SOAP:mustUnderstand="true" > SOAP:role="decryptingIntermediary"> > ... > </xenc:EncryptedData> > </SOAP:Header> > <SOAP:Body> > ...leave empty or put dummy element here > ...if you don't want unencrypted data > </SOAP:Envelope> -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Tuesday, 19 February 2002 13:43:31 UTC