OASIS ebXML Messaging Services TC

Relevant comment posted on OASIS TC WS-SX list concerning policy domain assertions relevant to WSS security usage

  • 1.  Relevant comment posted on OASIS TC WS-SX list concerning policy domain assertions relevant to WSS security usage

    Posted 02-12-2007 15:42
    
    
    
    
    
    
    
    
    
    
    

    http://www.oasis-open.org/apps/org/workgroup/ws-sx/email/archives/200702/msg00008.html

    that requests:

    Add to sp:SignedParts and sp:EncryptedParts sp:SignedParts/Attachment  
    and sp:EncryptedParts/Attachment respectively.
    and was submitted by
    Frederick Hirsch of Nokia
    {As far as I can tell it is public or OASIS member accessible link }
    The remaining policy features that are not documented pertain to whether signing should be done before or after encryption.
    Concerns that pertain to this policy selection are replay/reuse (potential cut and paste of signed material and signature), traffic analysis (if identity is revealed by signature), etc.