Enthuware

Hi Frits,

For the third possible answer, why does SwA not being part of the SOAP message make the use of WS-Security features on SwA not easy?



"The attachments of MTOM can be digitally signed easily. The attachments of SwA cannot."

"It is the other way around: attachments in SwA are not part of the SOAP message. This makes the use of WS-Security features not easy."

Hi!

The explanation is not clear I will update it. Thanks for pointing that out.

This will be the new explanation:
SwA defines a multi-part MIME structure for packaging attachments with SOAP messages. The structure contains a primary SOAP envelope in its root part and one or more attachments in additional MIME parts. However these attachments are not part of the SOAP envelope.

WS-Security describes how to protect (secure) SOAP-messages and uses the SOAP header for that. It doesn't define anything for additional MIME parts (as they are not part of the SOAP envelope) so you need use an extra feature to secure the attachments.

Thanks again for your feedback!

Regards,
Frits

Making the third option a correct option!

Thanks Frits, that makes sense!

MTOM attachment and SwA attachment are both not part of the SOAP envelop.
(The difference is MTOM attachment is about the same size as the original binary data, but SwA attachment is in base64Binary format, which is 33% bigger.)
Why it is easy to digitally sign MTOM attachment, but difficult to do that in SwA?


Here is a quote from http://pic.dhe.ibm.com/infocenter/radhe ... ssues.html

WS-Security and MTOM cannot be configured together for the same service at this time. When MTOM is used and WS-Security is also configured, the SOAP message is not sent properly. The user must make a choice to either use MTOM or configure WS-Security. If MTOM is required, you must remove the WS-Security policy from the WSDL file to disable WS-Security.

I wasn't precize in my previous answer but the real difference between MTOM and SwA is that with MTOM everything is part of one XML infoset. Selectively encoding of portions of the message (e.g. binary data) optimizes the transmission over the wire. In SwA the attachments are not part of the XML infoset.

WS-Security works on the XML-infoset making it (easily) possible to be used on MTOM.

Here is a quote from ...

That is a bug in WebSphere.

Regards,
Frits

Both MTOM and SwA send attachments as a separate MIME part in binary format. SwA does not send the content over the wire in base64 format.
So the question's first option would be incorrect.
See this:
http://www.theserverside.com/news/13639 ... -with-SOAP

Both MTOM and SwA send attachments as a separate MIME part in binary format. SwA does not send the content over the wire in base64 format.

You are right!

The first option is incorrect.

Thanks for your feedback!

Regards,
Frits