[sbe-eas] States and the 180 day clock - encryption and authentication
acb at incident.com
Wed Sep 22 13:50:43 EDT 2010
Got a bit of follow-up info from a source on the DMIS team: "Digital signatures will be available at the SOAP envelope (wrapper) level in IPAWS-OPEN 2.0. Digital signatures will be available at the message (CAP) level with the release of IPAWS-OPEN 3.0."
Which appears to mean that there's no actual intention to implement digital signature security on EAS side of IPAWS, even in the upcoming OPEN 2.0 implementation. At least not unless FEMA mandates use of the same SOAP envelope on the output side as at the input, which isn't normally the way SOAP works. (A SOAP envelope is just a set of additional XML tags that go before and after the actual data payload, in this case the CAP message, to provide addressing and other message-routing within multi-format messaging systems.)
Note also that 'available' is very different from 'required.'
More information about the sbe-eas