Re: XMLP/XMLE Use cases and processing models

Exactly. Applications which use to use XML Encryption or otherwise expect 
to have elements from other namespaces need to be savvy about what they 
want to do (e.g., encrypt the content of a SOAP:Header) and how they want 
to do it  (e.g., write a flexible, create a new namespace ,etc.) 
Applications that haven't done this might have to take some other steps 
which won't as easy and straightforward but it's their call. There's no 
solution that automatically makes all pre-existing XML applications XML 
encryption aware or capable in every possible scenario -- like encryption 
the SOAP header itself.

On Monday 18 February 2002 20:21, wrote:
> which is indeed not valid SOAP, suggesting the need for a new media type.
> But... that's not how you would use SOAP IMO.  I suggest instead:
>         <SOAP:Envelope xmlns:soap="..." >
>            <SOAP:Header>
>                 <xenc:EncryptedData xmlns:xenc="..."
>                             SOAP:mustUnderstand="true"
>                             SOAP:role="decryptingIntermediary">
>                 ...
>                 </xenc:EncryptedData>
>            </SOAP:Header>
>            <SOAP:Body>
>                 ...leave empty or put dummy element here
>                 ...if you don't want unencrypted data
>         </SOAP:Envelope>


Joseph Reagle Jr.       
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair
W3C XML Encryption Chair

Received on Tuesday, 19 February 2002 13:43:31 UTC