Uploaded image for project: 'OASIS ebXML Messaging Services TC'
  1. OASIS ebXML Messaging Services TC
  2. EBXMLMSG-86

Confusion about Content-Type for compressed and encrypted payloads

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: AS4 Profile
    • Labels:
      None

      Description

      On line 262 (PDF version) of the AS4 profile it is stated that "The content type of the compressed attachment MUST be "application/gzip"."

      This suggests that for compressed payloads the Content-Type should always be "application/gzip".

      On lines 266-267 however it is also stated that "When compression, signature and encryption are required, any attached payload(s) MUST be compressed prior to being signed and/or encrypted"

      This implies that the rules of the WS-Security SwA profile must be applied after compression. As a result the Content-Type header must be changed to "application/octet-stream"

      In the AS4 profile this should be made clear.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              sanderfieten Sander Fieten (Inactive)
            • Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: