But I think Nancho has a valid point here. Even though, for encryption
this seems not that trivial, what about SOAP message signature?
If we are to have non repudiation capabilities for messages exchanged we
still need to digitally sign messages in the message level. For example
if I'm getting a message from you via HTTPS I still need it to be signed
(e.g. Body).
Cheers,
Kaushalye
Dumindu Pallewela wrote:
if the transport binding is https, you won't be able to monitor the
soap messages with tcpmon in it's plain text format.
Dumindu.
On 5/9/07, Nencho Lupanov <[EMAIL PROTECTED]> wrote:
Hi Manjula,
for the transport binding yes i think the same as you,
but when i monitor the soap messages with tcpmon,
the data is not encrypted, so how exactly this transport binding
thing works for the confidentiality or is this some bug in the rampart
implementation?
thanks.
Nencho
2007/5/9, Manjula Peiris <[EMAIL PROTECTED]>:
>
> hi Nencho,
>
> I think when you are sending through a Secure transport like Https the
> Encryptedelements assertion is always satisfied. So no need to encrypt
> the body again.
>
> -Manjula.
>
>
> On Tue, 2007-05-08 at 18:31 +0300, Nencho Lupanov wrote:
> > HI all,
> >
> > Is it possible to use a TransportBinding with HttpsToken in a
rampart
> > security policy
> > and still encrypt the body with the Encryptedelements assertion for
> example?
> > thanks,
> >
> > Nencho
>
>
