Re: Review - Web Services Security: SOAP Message Security (1 of 3) from Marc Hadley on 2003-10-03 (xml-dist-app@w3.org from October 2003)

From: Marc Hadley <Marc.Hadley@Sun.COM>
Date: Fri, 03 Oct 2003 14:06:55 -0400
To: Marc Hadley <Marc.Hadley@Sun.COM>
Cc: xml-dist-app@w3.org
Message-id: <5F9CC46E-F5CC-11D7-A6DB-0003937568DC@sun.com>

On Wednesday, Sep 24, 2003, at 11:27 US/Eastern, Marc Hadley wrote:
>
> *** 406 "a message MAY have multiple <wsse:Security> header blocks if 
> they are targeted for separate recipients." why can't a message 
> contain multiple wsse:Security header blocks targetted at the same 
> recipient, this seems like an uneccessary/arbitrary restriction.
>
Thinking about this some more, it occurs to me that this restriction 
forces intermediaries that want to insert security information to 
change header blocks that aren't targeted at them (assuming there's 
already Security header block targeted at the same recipient).

This doesn't gel too well with the processing model of forwarding 
intermediaries.

Marc.

--
Marc Hadley <marc.hadley@sun.com>
Web Technologies and Standards, Sun Microsystems.

Received on Friday, 3 October 2003 14:08:03 UTC