- From: Rich Salz <rsalz@zolera.com>
- Date: Fri, 04 Jan 2002 12:31:04 -0500
- To: Mark Baker <distobj@acm.org>
- CC: xml-dist-app@w3.org

I don't think it's necessary to get into the whole tunneled thing here. It is simpler (and less controversial) to say that the message may avail itself of underlying transport-level security, and/or that XML features such as DSIG and XMLENC may be used to provide soap-level security features.

> The SOAP processing model itself is entirely innocuous from a security
> perspective.

I don't think so, since it doesn't seem feasible to encrypt the actor and mustUnderstand values. If a message is intended to go A->B->C->D but encrypted so only B knows the C-uri, then an adversary could redirect the message from B directly to D.

/r$

--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com

Received on Friday, 4 January 2002 12:32:05 UTC