Skip to main content

Securing MTOM attachments

4 replies [Last post]
mysore_ujval
Offline
Joined: 2007-10-30

Hi,

Can we secure MTOM attachments?

I understand that if the data is sent as base64 encoded, then we can apply WS-Security as the binary data in form of base64 encoded is sent inline with the XML data in SOAP envelope.

But in case of MTOM, even if the binary data is packaged using XOP, it still uses MIME attachments and these attachments traverse outside the SOAP envelope. Is there any way of securing these attachments?

Thanks in advance,
Ujval

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
kumarjayanti
Offline
Joined: 2003-12-10

There is no interoperable way to do this currently.... We will support securing attachments in near future.

But this particular case needs to be handled without affecting interoperability. We will get back once we have more updates on this.

Thanks.

mysore_ujval
Offline
Joined: 2007-10-30

How do we secure the MTOM attachments in any way which may not be interoperable?

For example, if we use JAX-WS both at the client and the server end, is there any proprietary way of doing this?

Thanks,
Ujval

mysore_ujval
Offline
Joined: 2007-10-30

By JAX-WS, I mean JAXWS-RI.

Thanks.

kumarjayanti
Offline
Joined: 2003-12-10

It might be possible once we have support for attachment security. The latest WS-SecurityPolicy spec has a way to sepcify secure-all-attachments. We will be supporting this and as part of this you may be able to achieve that...

But as of today there is no way.