- From: Yves Lafon <ylafon@w3.org>
- Date: Wed, 5 Nov 2003 14:34:43 +0100 (MET)
- To: Martin Gudgin <mgudgin@microsoft.com>
- Cc: Anish Karmarkar <Anish.Karmarkar@oracle.com>, Mark Nottingham <mark.nottingham@bea.com>, noah_mendelsohn@us.ibm.com, "Xml-Dist-App@W3. Org" <xml-dist-app@w3.org>
On Wed, 5 Nov 2003, Martin Gudgin wrote: > > One reason for specifying information in the Representation header is > that it can be secured using the mechanisms in WS-Security as it's just > another piece of XML. Well, it is not part of the original infoset. All those metadata are transient and exists only between two binding instances. If you sign it, then the verification has to be done at the binding level and not at the application level. So it will be at best hop-by-hop security, as an intermediary may well deserialize/reserialize with a different Representation header. -- Yves Lafon - W3C "Baroula que barouleras, au tiéu toujou t'entourneras."
Received on Wednesday, 5 November 2003 08:35:21 UTC