Securing attachments

Hi,

My system needs to receive files but security requirements force me to receive them signed. Using the XWS layer I can generate in both directions SOAP messages including security information (username+password token & signature) but I've just realized Signature generated by XWS is only valid for the SOAP message body. Attachment is an independent MIME part that has nothing to do with the body.

It seems like the only valid option is to send the file as a byte[] parameter of the Web Service so it'd be part of the message body.

Any other idea? I'd prefer to use the attachments when possible. It seems like it's a clearer solution.

Thanks in advance

Jorge Ortiz

[713 byte] By [jortizclavera] at [2007-10-2 20:47:37]