RE: Representation header

On Wed, 5 Nov 2003, Martin Gudgin wrote:

>
> One reason for specifying information in the Representation header is
> that it can be secured using the mechanisms in WS-Security as it's just
> another piece of XML.

Well, it is not part of the original infoset. All those metadata are
transient and exists only between two binding instances. If you sign it,
then the verification has to be done at the binding level and not at the
application level.
So it will be at best hop-by-hop security, as an intermediary may well
deserialize/reserialize with a different Representation header.

-- 
Yves Lafon - W3C
"Baroula que barouleras, au tiéu toujou t'entourneras."

Received on Wednesday, 5 November 2003 08:35:21 UTC