-
Type:
Improvement
-
Status: New
-
Priority:
Major
-
Resolution: Unresolved
-
Component/s: AS4 Profile
-
Labels:None
On line 262 (PDF version) of the AS4 profile it is stated that "The content type of the compressed attachment MUST be "application/gzip"."
This suggests that for compressed payloads the Content-Type should always be "application/gzip".
On lines 266-267 however it is also stated that "When compression, signature and encryption are required, any attached payload(s) MUST be compressed prior to being signed and/or encrypted"
This implies that the rules of the WS-Security SwA profile must be applied after compression. As a result the Content-Type header must be changed to "application/octet-stream"
In the AS4 profile this should be made clear.