- From: <Frederick.Hirsch@nokia.com>
- Date: Fri, 28 Mar 2003 01:00:25 -0500
- To: <www-xkms@w3.org>
- Cc: <pbaker@verisign.com>
Phillip Regarding the issue #11 mentioned on today's call, which reads in the issues list as: "I'm not sure why the Payload Binding is not supported (Part 2, [#22]). Does this mean XML Encryption is not allowed for use within XKMS messages?" This refers to the security bindings table in part 2, where the payload security column indicates that confidentiality is only supported using TLS (Section 5, security bindings) Confidentiality: "None, although applications may employ TLS to establish a secure channel" My question is, if the SOAP binding is used, then WSS SOAP Message Security can be used to encrypt the payload containing the XKMS request or response using XML Encryption, so confidentiality is supported at the payload binding. Thus the question is, should the column titled "Payload Security" be "SOAP Messaging Security" and if so, cannot confidentiality be supported at the SOAP Messaging security level. If no SOAP is used, than cannot XML Encryption be used at the application level? What is confusing is that the payload security seems to limit itself to authentication in this section, yet the SSL/TLS goes beyond that. This table seems to ignore the SOAP binding, hence the question. I propose changing the confidentiality line to mention that SOAP Message security may be used to also provide confidentiality. regards, Frederick Frederick Hirsch Nokia Mobile Phones
Received on Friday, 28 March 2003 01:01:38 UTC