Re: [ebxml-dev] Hermes1: Howto configure Persistent Confidentiality?

[Gait Boxman <gait.boxman@tie.nl>]

Title: Hermes1: Howto configure Persistent Confidentiality?

Hi Albert,

depends on what you mean by that exactly.

If you ask: will Hermes do XML Encryption for me and how do I turn that on? No, Hermes implements ebMS 2.0, and at the time of that spec, XML Enc was not ready yet.
If you ask will Hermes send XML Encrypted payloads? Yes, Hermes will send any payload, just make sure it's identified correctly, see David's response as well.
If you ask can I build a Hermes client that will do this transparently from the rest of my environment? Depends on your programming skills, but I'd say it can be done. However, that would defeat the purpose of the encryption. All traffic of ebMS can be SSL encrypted (for HTTP) or S/MIME encrypted (for mail transfer), and the client/server traffic inside Hermes can run over  HTTPS. If you want *persistent* encryption, you need Hermes to deliver the payload encrypted anyway..
I believe ebMS 3.0 introduces XML Enc as a replacement/alternative for S/MIME mail encryption, but that won't help you for your persistent requirement.

Out of curiosity, why do you need persistent encryption, is the receiving Hermes client system not trustworthy?

kind regards, Gait Boxman.

Kappe, Albert wrote:

Hello,

Does Hermes1 support Persistent Confidentiality for ebXML Payload Containers using XML Encryption?

If yes, I could appreciate any help on implementing XML Encryption for Hermes1.

Regards, Albert Kappe

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.