- From: Michael McIntosh <mikemci@us.ibm.com>
- Date: Thu, 23 Feb 2006 17:26:57 -0500
- To: Arun Gupta <Arun.Gupta@Sun.COM>
- Cc: public-ws-addressing@w3.org, public-ws-addressing-request@w3.org
public-ws-addressing-request@w3.org wrote on 02/23/2006 05:16:48 PM: > > Section 7.0 [1] of SOAP Binding says: > > -- cut here -- > WS-Addressing message addressing properties serialized as SOAP headers > (wsa:To, wsa:Action et al.) including those headers present as a result > of the [reference parameters] property should be integrity protected as > explained in Web Services Addressing 1.0 - Core[WS-Addressing-Core]. > -- cut here -- > > This does not restrict the sender of SOAP message to encrypt WS-A > headers. If wsa:To is to be usable for routing then WS-A headers (esp > wsa:To) must not be encrypted otherwise intermediaries wouldnt be able > to route it. It could be that a sender might encrypt the header and allow the routing intermediary to decrypt it, right? > I think WG should give some advice in the spec to that effect. > > [1] > http://dev.w3.org/cvsweb/~checkout~/2004/ws/addressing/ws-addr-soap. > html#securityconsiderations > > Thanks, > -Arun > -- > got Web Services ? > Download Java Web Services Developer Pack from > http://java.sun.com/webservices >
Received on Thursday, 23 February 2006 22:27:08 UTC