[
Lists Home |
Date Index |
Thread Index
]
- From: "David Galbraith" <david@moreover.com>
- To: <xml-dev@xml.org>
- Date: Sun, 7 May 2000 08:32:10 -0700
It may be entirely desireable that you use mime to create an indication that
a SOAP message is signed, encrypted etc. but it is surely not a necessity.
You may have a policy that says 'whatever' comes through my firewall must
have a standard envelope around it to identify itself - but then once
through the contents are a separate issue.
The only tricky requirement for exchange as I see it is non-repudiation,
which cannot reliably be done without a third party - however this has
nothing at all to do with XML, and that's what I like!
DG
. . . . . . . . . . . . . . . . .
David Galbraith - Chief Architect
Moreover.com - the webfeed company
david@moreover.com
415-577-8828 (US)
0777-565-8880 (UK)
favorite webfeed:
http://www.moreover.com/xml
> -----Original Message-----
> From: owner-xml-dev@xml.org [mailto:owner-xml-dev@xml.org]On Behalf Of
> Jonathan Borden
> Sent: Sunday, May 07, 2000 10:32 AM
> To: xml-dev@xml.org
> Subject: RE: SOAP, plague, love
>
>
> Dick Brooks wrote:
> >
> > David,
> >
> > If I sent a PGP encrypted/signed document as a call parameter
> > using SOAP how
> > would the receiver know the information was signed/encrypted. Is
> > there a way
> > to indicate the data is signed/encrypted using SOAP constructs? If not,
> > does this mean I have to package SOAP in another envelope, MIME perhaps?
> >
>
> 'SOAP' would not need to be packaged in another envelope,
> but the PGP
> signed/encrypted paramater would need to be represented in a way
> that would
> enable it to be inserted into a valid XML document as a sub-tree.
>
> This is the exact situation that XMTP
> (http://jabr.ne.mediaone.net/documents/xmtp.htm)
> handles. XMTP is a mechanism to represent SMTP/MIME messages in valid XML,
> as such the XMTP converted PGP document can be inserted into the XML
> envelope as the 'parameter'. What this does in effect is create an XMTP
> document envelope which represents whatever you would otherwise
> represent in
> MIME. E.g. (simplified for readability)
>
> <MIME>
> <Content-type>multipart/encrypted</Content-type>
> <Parts>
> <MIME>
> <Content-ID>document</Content-ID>
> <Content-transfer-encoding>base64</Content-transfer-encoding>
> <Body>...</Body>
> </MIME>
> <MIME>
> <Content-ID>signature</Content-ID>
> <Body>...</Body>
> </MIME>
> </Parts>
> </MIME>
>
> So, the answer is yes :-)
>
> Jonathan Borden
>
>
> ******************************************************************
> *********
> This is xml-dev, the mailing list for XML developers.
> To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
> List archives are available at http://xml.org/archives/xml-dev/
> ******************************************************************
> *********
>
***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************
|
