search

lsalamon / nhin-d

Automatically exported from code.google.com/p/nhin-d
0 stars 0 forks source link

incorrect code comment - DefaultNHINDAgent.java #136

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?
Java RI
agent-1.1.4-SNAPSHOT.jar

Please provide any additional information below.

Code comment appears in DefaultNHINDAgent.java
        //
        // The standard requires that the original message be wrapped to protect headers
        //
       message.setMessage(this.unwrapMessage(message.getMessage()));

Actually, "Applicability Statement for Secure Health Transport" does not even 
recommend wrapping.

  In the discussion of the "Applicability Statement ..." there is the suggestion: "Using full message wrapping (and therefore protecting the to/from headers)".

  And the code in DefaultNHINDAgent.java allows unwrapped messages.
          if (!WrappedMessage.isWrapped(message))
            {
                return message;
            }
                retMessage = WrappedMessage.extract(message);

At the least, there should be an option for blocking unwrapped messages.

In a private communication with a participant in the C# RI group, I was told:
"[C# RI,] Incoming: accepts wrapped or unwrapped by default, by config you can 
reject unwrapped if you want"

At the least, the Java RI should also have configuration for automatically 
rejecting non message/rfc822 messages.

I hope the specification group considers requiring wrapping in the spec.

Original issue reported on code.google.com by NFinst...@gmail.com on 10 May 2011 at 4:17

GoogleCodeExporter commented 9 years ago

Original comment by bgran...@harris.com on 12 May 2011 at 6:32