Re: XMLP Comments to XMLE LC

On Wednesday 19 December 2001 04:32, Hiroshi Maruyama wrote:
> We have been looking at applying XML Encryption to SOAP envelope.  The
> following is an example of SOAP header for XML encryption that we are
> considering.  The point here is that the receiving SOAP application knows
> what <xenc:EncryptedData> elements are to be decrypted.

Ah... So you think it is likely/desirable to create specific SOAP security 
headers for this purpose? What are the semantics of these additional 
headers over that of a message without them but the payload is still an 
EncryptedData? Is it that if one has the SOAP-SEC:Encryption, if the data 
can't be encrypted then SOAP has the capability to respond with an error 
message (e.g., "Data un-decipherables")?

> <SOAP-SEC:Encryption> element is combined with <SOAP-SEC:Signature>, the
> use of the decryption transform solve the interdependency problem.  Also
> our scenario includes encrypting SOAP attachments through a "cid: ..."
> URI. (such as cid:image.jpg).

Could you show that in an example too?


Joseph Reagle Jr.       
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair
W3C XML Encryption Chair

Received on Friday, 21 December 2001 17:02:40 UTC