[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: SOAP MTOM 1.0 Section 4.1.1
Gary, The reference to Section 4.1.1 is obviously wrong. I believe the correct reference would be Section 3 (or 3.1). __ From: Graham, Gary Jim, The WebServices SIP specification (i.e. ecf-v4.0-webservices-v2.0-spec-cd01.doc) provides the following in section 2.6: The [SOAP MTOM 1.0] references is: [SOAP MTOM 1.0]
D. Angelov, C. Ferris, A Karmarkar, C Liu, J Marsh, J Mischikinsky, A Nadalin, U Yakmalp,
SOAP 1.1 Binding for MTOM 1.0, http://www.w3.org/Submission/soap11mtom10/, W3C Member Submission, April 05, 2006. The hyperlink provides access to There does not appear to be a Section 4.1.1 in this document. There is only a Section 4. Security Considerations (below): Because SOAP can carry application defined data whose semantics is independent from that of any MIME wrapper (or
context within which the MIME wrapper is used), one should not expect to be able to understand the semantics of the SOAP message based on the semantics of the MIME wrapper alone. Therefore, whenever using the
application/xop+xml media type, it is strongly advised that the security implications of the context within which
the SOAP message is used is fully understood. The security implications are likely to involve both the specific SOAP binding to an underlying protocol as well as the application-defined semantics of the data carried in the SOAP message. It is assumed that such mechanisms that protect SOAP messages at the infoset level will seamlessly adapt to provide
protection for messages conforming to this document. It is strongly recommended that the messages be secured using those mechanisms. In order to properly secure messages, the body and all relevant headers need to be included in the signature. It should be
noted that for messages traveling through intermediaries, it is possible that some or all of the message information headers may have multiple signatures when the message arrives at the ultimate receiver. It is strongly recommended that the initial sender
include a signature to prevent any spoofing by intermediaries. Jim, is this just a reference numbering error in the ECF WebServices SIP specification (e.g. should reference Section 4 and not 4.1.1) or has an incorrect reference been provided? If it is an incorrect reference, do you know what the intended
reference should be? Thanks Gary Graham |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]