Re: Proposing a wsa:Security element

On Mar 14, 2005, at 9:56 AM, Hugo Haas wrote:

> * Rich Salz <rsalz@datapower.com> [2005-03-12 00:29-0500]
>>
>> (wsa prefix means WS-Addressing and wsse prefix means WS-Security as
>> standardized at OASIS.)
>>
>> I'd like to add a wsa:Security element to the EPR.  It is intended to
>> be used as a container for security information (signatures, keys, etc)
>> about the EPR.  When using the SOAP binding, the contents of the
>> wsa:Security element either become a wsse:Security element or are
>> inserted at the appropriate spot within an existing wsse:Security element.
>>
>> I know that these are complicated ("screwy") semantics. But I think it's
>> really required to get secure WS-Addressing.
>
> Couldn't such information go in the [metadata] bucket? It seems that
> we added it for things just like that.
>
I think the problem is that we've painted the metadata bucket as the
place to put information that you don't need echoed back in messages
addressed to the EPR (it's just info about the EPR). The security stuff
that Rich outlined is required to be sent back, so it's closer to
reference parameter semantics, except that reference parameters are
serialized as direct SOAP headers whereas the requirement here is to
create a wsse:Security header or add to an existing one. We could
define a sub-bucket for this information and describe the additional
processing semantics for the contents of this sub-bucket, or we could
add a new security element to the EPR.

Marc.

---
Marc Hadley <marc.hadley at sun.com>
Web Technologies and Standards, Sun Microsystems.

Received on Monday, 14 March 2005 19:55:59 UTC
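
The three serialization behaviours discussed in this thread, as an added example that is not part of the original messages or of any WS-Addressing specification: metadata stays out of the message, reference parameters become direct SOAP headers, and the contents of the proposed wsa:Security element are merged into a single wsse:Security header. Assumptions: the namespace URIs are the later published values, `build_header` and the `ex:` elements are hypothetical, and "the appropriate spot" is taken to mean appending at the end.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions (later published values, not from the thread).
WSA = "http://www.w3.org/2005/08/addressing"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SOAP = "http://www.w3.org/2003/05/soap-envelope"

# Constructed EPR. wsa:Security is the element proposed in the thread; the ex:*
# elements and the token value are made up for illustration.
EPR = f"""<wsa:EndpointReference xmlns:wsa="{WSA}" xmlns:wsse="{WSSE}"
    xmlns:ex="urn:example">
  <wsa:Address>http://example.com/svc</wsa:Address>
  <wsa:ReferenceParameters><ex:Session>42</ex:Session></wsa:ReferenceParameters>
  <wsa:Metadata><ex:Policy>informational</ex:Policy></wsa:Metadata>
  <wsa:Security>
    <wsse:BinarySecurityToken>constructed-token</wsse:BinarySecurityToken>
  </wsa:Security>
</wsa:EndpointReference>"""


def build_header(epr_xml, existing_header=None):
    """Build (or extend) a SOAP Header for a message addressed to the EPR."""
    epr = ET.fromstring(epr_xml)
    header = existing_header
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
    to = ET.SubElement(header, f"{{{WSA}}}To")
    to.text = epr.findtext(f"{{{WSA}}}Address")

    # Reference parameters: every child is echoed as its own header block.
    for param in epr.findall(f"{{{WSA}}}ReferenceParameters/*"):
        header.append(param)

    # wsa:Metadata is information about the EPR only; it is never echoed.

    # Proposed wsa:Security: reuse an existing wsse:Security header if one is
    # present, otherwise create it, so the message never carries two of them.
    items = epr.findall(f"{{{WSA}}}Security/*")
    if items:
        security = header.find(f"{{{WSSE}}}Security")
        if security is None:
            security = ET.SubElement(header, f"{{{WSSE}}}Security")
        security.extend(items)  # "appropriate spot" assumed to be the end
    return header
```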