About Question enthuware.ocejws.v6.2.158 :
Moderators: Site Manager, fjwalraven
-
- Posts: 29
- Joined: Sat Jun 08, 2013 11:33 pm
- Contact:
About Question enthuware.ocejws.v6.2.158 :
Hi Frits,
For the third possible answer, why does SwA not being part of the SOAP message make the use of WS-Security features on SwA not easy?
"The attachments of MTOM can be digitally signed easily. The attachments of SwA cannot."
"It is the other way around: attachments in SwA are not part of the SOAP message. This makes the use of WS-Security features not easy."
For the third possible answer, why does SwA not being part of the SOAP message make the use of WS-Security features on SwA not easy?
"The attachments of MTOM can be digitally signed easily. The attachments of SwA cannot."
"It is the other way around: attachments in SwA are not part of the SOAP message. This makes the use of WS-Security features not easy."
-
- Posts: 429
- Joined: Tue Jul 24, 2012 2:43 am
- Contact:
Re: About Question enthuware.ocejws.v6.2.158 :
Hi!
The explanation is not clear I will update it. Thanks for pointing that out.
This will be the new explanation:
SwA defines a multi-part MIME structure for packaging attachments with SOAP messages. The structure contains a primary SOAP envelope in its root part and one or more attachments in additional MIME parts. However these attachments are not part of the SOAP envelope.
WS-Security describes how to protect (secure) SOAP-messages and uses the SOAP header for that. It doesn't define anything for additional MIME parts (as they are not part of the SOAP envelope) so you need use an extra feature to secure the attachments.
Thanks again for your feedback!
Regards,
Frits
The explanation is not clear I will update it. Thanks for pointing that out.
This will be the new explanation:
SwA defines a multi-part MIME structure for packaging attachments with SOAP messages. The structure contains a primary SOAP envelope in its root part and one or more attachments in additional MIME parts. However these attachments are not part of the SOAP envelope.
WS-Security describes how to protect (secure) SOAP-messages and uses the SOAP header for that. It doesn't define anything for additional MIME parts (as they are not part of the SOAP envelope) so you need use an extra feature to secure the attachments.
Thanks again for your feedback!
Regards,
Frits
-
- Posts: 429
- Joined: Tue Jul 24, 2012 2:43 am
- Contact:
Re: About Question enthuware.ocejws.v6.2.158 :
Making the third option a correct option!
-
- Posts: 29
- Joined: Sat Jun 08, 2013 11:33 pm
- Contact:
Re: About Question enthuware.ocejws.v6.2.158 :
Thanks Frits, that makes sense!
-
- Posts: 358
- Joined: Fri Nov 29, 2013 8:26 pm
- Contact:
Re: About Question enthuware.ocejws.v6.2.158 :
MTOM attachment and SwA attachment are both not part of the SOAP envelop.
(The difference is MTOM attachment is about the same size as the original binary data, but SwA attachment is in base64Binary format, which is 33% bigger.)
Why it is easy to digitally sign MTOM attachment, but difficult to do that in SwA?
Here is a quote from http://pic.dhe.ibm.com/infocenter/radhe ... ssues.html
(The difference is MTOM attachment is about the same size as the original binary data, but SwA attachment is in base64Binary format, which is 33% bigger.)
Why it is easy to digitally sign MTOM attachment, but difficult to do that in SwA?
Here is a quote from http://pic.dhe.ibm.com/infocenter/radhe ... ssues.html
WS-Security and MTOM cannot be configured together for the same service at this time. When MTOM is used and WS-Security is also configured, the SOAP message is not sent properly. The user must make a choice to either use MTOM or configure WS-Security. If MTOM is required, you must remove the WS-Security policy from the WSDL file to disable WS-Security.
-
- Posts: 429
- Joined: Tue Jul 24, 2012 2:43 am
- Contact:
Re: About Question enthuware.ocejws.v6.2.158 :
I wasn't precize in my previous answer but the real difference between MTOM and SwA is that with MTOM everything is part of one XML infoset. Selectively encoding of portions of the message (e.g. binary data) optimizes the transmission over the wire. In SwA the attachments are not part of the XML infoset.
WS-Security works on the XML-infoset making it (easily) possible to be used on MTOM.
Regards,
Frits
WS-Security works on the XML-infoset making it (easily) possible to be used on MTOM.
That is a bug in WebSphere.Here is a quote from ...
Regards,
Frits
-
- Posts: 3
- Joined: Sun Nov 30, 2014 5:00 am
- Contact:
Re: About Question enthuware.ocejws.v6.2.158 :
Both MTOM and SwA send attachments as a separate MIME part in binary format. SwA does not send the content over the wire in base64 format.
So the question's first option would be incorrect.
See this:
http://www.theserverside.com/news/13639 ... -with-SOAP
So the question's first option would be incorrect.
See this:
http://www.theserverside.com/news/13639 ... -with-SOAP
-
- Posts: 429
- Joined: Tue Jul 24, 2012 2:43 am
- Contact:
Re: About Question enthuware.ocejws.v6.2.158 :
You are right!Both MTOM and SwA send attachments as a separate MIME part in binary format. SwA does not send the content over the wire in base64 format.
The first option is incorrect.
Thanks for your feedback!
Regards,
Frits
Who is online
Users browsing this forum: No registered users and 5 guests