Re: Problems with the SOAP binding

rsalz@datapower.com wrote on 01/03/2005 03:35:59 PM:

<snip/>
> More explicitly, the WS-I basic security profile says (R3207 in section
> 9.1.2), that all xenc:EncryptedKeys must be a child of the WSS header.
> So if a server wants to "statelessly" encrypt a refP so that it can
> decrypt it later, if has to put some information into the WSS header.
> I.e., encrypted refP's imply tight coupling to WSS.
<snip/>

This language has been "cleaned up" recently. The intent was not to limit
XML Encryption (or Signature) to only be used with WSS. It meant to say
that when XML Encryption is used with WSS and there is a related
xenc:EncryptedKey element that element must be a child of the wsse:Security
header.

Received on Wednesday, 5 January 2005 21:16:38 UTC