axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaushalye Kapuruge <kausha...@wso2.com>
Subject Re: MTOM and encryption
Date Mon, 03 Dec 2007 15:21:39 GMT
Thilina Gunarathne wrote:
>> I do not understand why somebody need to encrypt MTOM
>> attachment.
>>     
> Actually one of the main motivations behind introducing MTOM is the
> ability to secure the attachments.
>
>   
>> But when it comes to encryption,
>> the serialization of the OM node (before the crypto process), doesn't
>> handle this optimization. Thus the image(or binary content) get lost.
>>     
> In the case of Axis2/Java, OMText.getText() always gives a string
> representation of the content. If the content is Binary, it'll
> automatically base64 encode it.. 
So this means the optimization is turned OFF. Basically its the approach 
#2 as I suggested. Correct me if I'm wrong.
-Kau

>  Axis2/Java security only needs to
> call the OMText.getText(), irrespective of whether it's a binary or
> normal text..This method also conforms to the MTOM spec, as it describes MTOM as
> selectively encoding of binary data either as base64 or as XOP MIME
> attachments.
>
> thanks,
> Thilina
>
>   
>> AFAIU, There is no real value in MTOM message unless MTOM
>> receiving endpoint. There is no point eavesdropping MTOM message I
>> guess. Please bare with my limited security knowledge.
>>
>> thanks,
>> Dinesh
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>>
>>
>>     
>
>
>
>   


-- 
http://blog.kaushalye.org/
http://wso2.org/


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org


Mime
View raw message