W3C home > Mailing lists > Public > xml-dist-app@w3.org > November 2003

RE: Representation header

From: Yves Lafon <ylafon@w3.org>
Date: Wed, 5 Nov 2003 14:34:43 +0100 (MET)
To: Martin Gudgin <mgudgin@microsoft.com>
Cc: Anish Karmarkar <Anish.Karmarkar@oracle.com>, Mark Nottingham <mark.nottingham@bea.com>, noah_mendelsohn@us.ibm.com, "Xml-Dist-App@W3. Org" <xml-dist-app@w3.org>
Message-ID: <Pine.GSO.4.58.0311051432250.7428@gnenaghyn.vaevn.se>

On Wed, 5 Nov 2003, Martin Gudgin wrote:

>
> One reason for specifying information in the Representation header is
> that it can be secured using the mechanisms in WS-Security as it's just
> another piece of XML.

Well, it is not part of the original infoset. All those metadata are
transient and exists only between two binding instances. If you sign it,
then the verification has to be done at the binding level and not at the
application level.
So it will be at best hop-by-hop security, as an intermediary may well
deserialize/reserialize with a different Representation header.

-- 
Yves Lafon - W3C
"Baroula que barouleras, au tiéu toujou t'entourneras."
Received on Wednesday, 5 November 2003 08:35:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:15 GMT