axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Illsley" <>
Subject Re: [axis2] Re: svn commit: r559011 - in /webservices/axis2/trunk/java/modules: addressing/src/META-INF/ integration/conf/ integration/test-resources/deployment/ integration/test-resources/mtom/ integration/test-resources/swa/ integration/test/org/ap
Date Mon, 30 Jul 2007 14:32:49 GMT
On 30/07/07, Glen Daniels <> wrote:
> Hi all!
> Please note in this discussion that there definitely are use cases where
> the addressing handlers WILL be encrypted.  The addressing WG
> specifically discussed the idea that some users won't want information
> such as the URL of the wsa:Action to be snoopable on the wire.  This is
> one of the reasons that the wsa:Action/soapAction relationship was
> specified the way it was.
> We don't know whether this will become a common usage or not, but I
> think we shouldn't completely rely on the fact that Addressing will
> *always* be happening before decryption.  If security is enabled
> globally, this shouldn't be a problem, and even if it's
> enabled/configured on a service/operation level, that just means we need
> to do the dispatch using something like the transport URL, or another
> accessible piece of information, before decrypting.
> Clearly there are a lot of moving parts, and a lot of valid
> combinations.  As long as a combination is coherent and makes all the
> information needed at each phase available, we should be able to support it.
> I think David's call for use cases is perhaps the next thing we should
> deal with, and I'd put forth "entire message including wsa headers is
> encrypted, dispatch to service happens via URL".

Agreed, I think this is a reasonable use-case

David Illsley - IBM Web Services Development

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message