[jira] Commented: (RAMPART-28) Cannot add parts of the header for encryption

Sun, 25 Mar 2007 05:21:55 -0800 

    [ 
https://issues.apache.org/jira/browse/RAMPART-28?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12483935
 ] 

Ruchith Udayanga Fernando commented on RAMPART-28:
--------------------------------------------------

Hi Angel,

What I meant as a soap header is a soap header block which is an immediate 
child of the soap:Header element in the soap:Envelope.

<soap:Envelope>
  <soap:Header>
     <wsa:To mustunderstand="1"> .... </wsa:To>
     <wsse:Securty mustunderstand="1"> .... </wsse:Securty>
  </soap:Header>
  <soap:Body>
  </soap:Body>
</soap:Envelope>

For example the wsa:ReplyTo element. This is a header that we can specify under 
EncryptedParts as a header. Also Timestamp is a child element of the 
wsse:Security header and  WS-SecurityPolicy spec clearly specifies singning of 
the timestamp when it is used. 

WS-SecurityPolicy spec do provide a mechanism to point to an arbitrary element 
to be encrypted or signed using "EncryptedElements" and "SignedElements"

Thanks,
Ruchith

> Cannot add parts of the header for encryption
> ---------------------------------------------
>
>                 Key: RAMPART-28
>                 URL: https://issues.apache.org/jira/browse/RAMPART-28
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.1
>         Environment: Windows XP Pro, Apache Axis2 1.1.1 , Rampart 1.1 , 
> Tomcat 5.5.23
>            Reporter: Angel Todorov
>         Assigned To: Dimuthu Leelarathne
>             Fix For: 1.2
>
>
> Hi, 
> I am trying to add parts of the header as subelement of "EncryptedParts", in 
> a policy definition for rampart. The problem is that this does not have any 
> effect. The parts in the header which mark for encryption are not encrypted.
> Example:
> <sp:EncryptedParts 
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                               <sp:Body/>
>                                                               <sp:Header 
> sp:Name="UsernameToken" 
> sp:Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
>                       </sp:EncryptedParts>
> Thanks very much for your feedback.
> Regards,
> Angel

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to