- From: Arun Gupta <Arun.Gupta@Sun.COM>
- Date: Thu, 23 Feb 2006 14:16:48 -0800
- To: public-ws-addressing@w3.org
Section 7.0 [1] of SOAP Binding says: -- cut here -- WS-Addressing message addressing properties serialized as SOAP headers (wsa:To, wsa:Action et al.) including those headers present as a result of the [reference parameters] property should be integrity protected as explained in Web Services Addressing 1.0 - Core[WS-Addressing-Core]. -- cut here -- This does not restrict the sender of SOAP message to encrypt WS-A headers. If wsa:To is to be usable for routing then WS-A headers (esp wsa:To) must not be encrypted otherwise intermediaries wouldnt be able to route it. I think WG should give some advice in the spec to that effect. [1] http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr-soap.html#securityconsiderations Thanks, -Arun -- got Web Services ? Download Java Web Services Developer Pack from http://java.sun.com/webservices
Received on Thursday, 23 February 2006 22:15:30 UTC