- From: Joseph Reagle <reagle@w3.org>
- Date: Fri, 21 Dec 2001 17:02:31 -0500
- To: "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
- Cc: "David Orchard" <dorchard@bea.com>, www-xenc-xmlp-tf@w3.org, "Satoshi Hada" <SATOSHIH@jp.ibm.com>, "Takeshi Imamura" <IMAMU@jp.ibm.com>, "Maryann Hondo" <mhondo@us.ibm.com>
On Wednesday 19 December 2001 04:32, Hiroshi Maruyama wrote: > We have been looking at applying XML Encryption to SOAP envelope. The > following is an example of SOAP header for XML encryption that we are > considering. The point here is that the receiving SOAP application knows > what <xenc:EncryptedData> elements are to be decrypted. Ah... So you think it is likely/desirable to create specific SOAP security headers for this purpose? What are the semantics of these additional headers over that of a message without them but the payload is still an EncryptedData? Is it that if one has the SOAP-SEC:Encryption, if the data can't be encrypted then SOAP has the capability to respond with an error message (e.g., "Data un-decipherables")? > <SOAP-SEC:Encryption> element is combined with <SOAP-SEC:Signature>, the > use of the decryption transform solve the interdependency problem. Also > our scenario includes encrypting SOAP attachments through a "cid: ..." > URI. (such as cid:image.jpg). Could you show that in an example too? -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Friday, 21 December 2001 17:02:40 UTC